diff --git a/src/main/java/org/dependencytrack/parser/osv/OsvAdvisoryParser.java b/src/main/java/org/dependencytrack/parser/osv/OsvAdvisoryParser.java index 0ab7666ae9..29e4d1cb16 100644 --- a/src/main/java/org/dependencytrack/parser/osv/OsvAdvisoryParser.java +++ b/src/main/java/org/dependencytrack/parser/osv/OsvAdvisoryParser.java @@ -80,6 +80,14 @@ public OsvAdvisory parse(final JSONObject object) { } } + // update for RLSA and DLA + final JSONArray related = object.optJSONArray("related"); + if(related != null) { + for (int i=0; i aliases = qm.getVulnerabilityAliases(vulnerability); + assertThat(aliases).satisfiesExactly( + alias -> { + assertThat(alias.getCveId()).isEqualTo("CVE-2019-7164"); + }, + alias -> { + assertThat(alias.getCveId()).isEqualTo("CVE-2019-7548"); + }, + alias -> { + assertThat(alias.getCveId()).isEqualTo("CVE-2019-9636"); + } + ); + } + @Test public void testUpdateDatasourceVulnerableVersionRanges() { var vs1 = new VulnerableSoftware(); diff --git a/src/test/resources/unit/osv.jsons/osv-RLSA-20190981.json b/src/test/resources/unit/osv.jsons/osv-RLSA-20190981.json new file mode 100644 index 0000000000..11036c326b --- /dev/null +++ b/src/test/resources/unit/osv.jsons/osv-RLSA-20190981.json @@ -0,0 +1,1031 @@ +{ + "id": "RLSA-2019:0981", + "summary": "Important: python27:2.7 security update", + "details": "Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing.\n\nSQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases.\n\nSecurity Fix(es):\n\n* python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)\n\n* python-sqlalchemy: SQL Injection when the order_by parameter can be controlled (CVE-2019-7164)\n\n* python-sqlalchemy: SQL Injection when the group_by parameter can be controlled (CVE-2019-7548)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "modified": "2023-02-02T12:54:45.361476Z", + "published": "2019-05-07T03:40:00Z", + "related": [ + "CVE-2019-7164", + "CVE-2019-7548", + "CVE-2019-9636" + ], + "references": [ + { + "type": "ADVISORY", + "url": "https://errata.rockylinux.org/RLSA-2019:0981" + }, + { + "type": "REPORT", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1674059" + }, + { + "type": "REPORT", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1678520" + }, + { + "type": "REPORT", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1688543" + } + ], + "affected": [ + { + "package": { + "name": "python-markupsafe", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:0.23-19.el8" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-markupsafe", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-markupsafe?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:0.23-19.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-attrs", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8-5-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:17.4.0-10.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-attrs", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-attrs?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:17.4.0-10.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "babel", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/babel?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:2.5.1-9.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "Cython", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:0.28.1-7.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "Cython", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/Cython?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:0.28.1-7.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "pytest", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:3.4.2-13.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "pytest", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/pytest?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:3.4.2-13.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-funcsigs", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-funcsigs?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:1.0.2-13.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python2-rpm-macros", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python2-rpm-macros?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:3-38.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-chardet", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:3.0.4-10.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-chardet", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-chardet?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:3.0.4-10.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-coverage", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-coverage?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:4.5.1-4.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-coverage", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-coverage?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:4.5.1-4.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-docutils", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:0.14-12.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-docutils", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-docutils?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:0.14-12.module+el8.3.0+120+426d8baf" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-idna", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:2.5-7.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-idna", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-idna?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:2.5-7.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-ipaddress", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-ipaddress?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:1.0.18-6.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-jinja2", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-jinja2?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:2.10-8.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-lxml", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-lxml?distro=rocky-linux-8-5-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:4.2.3-3.el8" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-mock", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-mock?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:2.0.0-13.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-nose", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-nose?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:1.3.7-30.module+el8.3.0+120+426d8baf" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-pluggy", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:0.6.0-8.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-pluggy", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-pluggy?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:0.6.0-8.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-psycopg2", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:2.7.5-7.el8" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-psycopg2", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-psycopg2?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:2.7.5-7.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-py", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:1.5.3-6.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-py", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-py?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:1.5.3-6.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-pygments", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-pygments?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:2.2.0-20.module+el8.3.0+120+426d8baf" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-PyMySQL", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:0.8.0-10.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-PyMySQL", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-PyMySQL?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:0.8.0-10.module+el8.3.0+120+426d8baf" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-pysocks", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:1.6.8-6.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-pysocks", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-pysocks?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:1.6.8-6.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-pytest-mock", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-pytest-mock?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:1.9.0-4.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "python-setuptools_scm", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/python-setuptools_scm?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:1.15.7-6.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "pytz", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:2017.2-12.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "pytz", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/pytz?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:2017.2-12.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "PyYAML", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:3.12-16.module+el8.5.0+706+735ec4b3" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + }, + { + "package": { + "name": "PyYAML", + "ecosystem": "Rocky Linux:8", + "purl": "pkg:rpm/rocky-linux/PyYAML?distro=rocky-linux-8-4-legacy&epoch=0" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "0:3.12-16.module+el8.4.0+403+9ae17a31" + } + ] + } + ], + "database_specific": { + "source": "https://storage.googleapis.com/resf-osv-data/RLSA-2019:0981.json" + }, + "versions": [] + } + ], + "schema_version": "1.6.0", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ], + "credits": [ + { + "name": "Rocky Enterprise Software Foundation" + }, + { + "name": "Red Hat" + } + ] +} \ No newline at end of file