diff --git a/vulnerabilities/importers/rockylinux.py b/vulnerabilities/importers/rockylinux.py
index d7573cad4..ce9ef4a99 100644
--- a/vulnerabilities/importers/rockylinux.py
+++ b/vulnerabilities/importers/rockylinux.py
@@ -81,40 +81,55 @@ def to_advisory(advisory_data):
 Example:
 >>> advisory_data = {
- ... "name": "CVE-2023-1234",
- ... "publishedAt": "2023-08-20T12:34:56Z",
- ... "description": "A vulnerability in the system.",
- ... "affectedProducts": ["product1"],
+ ... "name": "RLSA-2021:4364",
+ ... "publishedAt": "2021-11-09T09:11:20Z",
+ ... "description": "The binutils packages provide a collection of binary utilities for the manipulation",
+ ... "affectedProducts": ["Rocky Linux 8"],
 ... "rpms": {
- ... "product1": {
+ ... "Rocky Linux 8": {
 ... "nvras": [
- ... "package-1.0-1.el8.x86_64.rpm",
- ... "package-2.0-1.el8.noarch.rpm"
+ ... "gfs2-utils-0:3.2.0-11.el8.aarch64.rpm",
+ ... "gfs2-utils-0:3.2.0-11.el8.src.rpm",
+ ... "gfs2-utils-0:3.2.0-11.el8.x86_64.rpm",
+ ... "gfs2-utils-debuginfo-0:3.2.0-11.el8.aarch64.rpm",
+ ... "gfs2-utils-debuginfo-0:3.2.0-11.el8.x86_64.rpm",
+ ... "gfs2-utils-debugsource-0:3.2.0-11.el8.aarch64.rpm",
+ ... "gfs2-utils-debugsource-0:3.2.0-11.el8.x86_64.rpm"
 ... ]
 ... }
 ... },
 ... "fixes": [
- ... {"sourceLink": "http://example.com/fix", "ticket": "12345"}
+ ... {
+ ... "ticket": "1942434",
+ ... "sourceBy": "Red Hat",
+ ... "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1942434",
+ ... "description": ""
+ ... }
 ... ],
 ... "cves": [
 ... {
- ... "name": "CVE-2023-1234",
- ... "cvss3BaseScore": "7.5",
- ... "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- ... "sourceLink": "http://example.com/cve"
+ ... "name": "CVE-2021-3487",
+ ... "sourceBy": "MITRE",
+ ... "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487",
+ ... "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ ... "cvss3BaseScore": "6.5",
+ ... "cwe": "CWE-20->CWE-400"
 ... }
 ... ]
 ... 
} >>> advisory = to_advisory(advisory_data) >>> advisory.aliases - 'CVE-2023-1234' + 'RLSA-2021:4364' >>> advisory.date_published.year - 2023 + 2021 >>> len(advisory.affected_packages) - 2 + 7 >>> len(advisory.references) 2 + >>> advisory.weaknesses + [400, 20] """ + aliases = advisory_data.get("name") or "" date_published = dateparser.parse(advisory_data.get("publishedAt", "")) @@ -162,20 +177,15 @@ def to_advisory(advisory_data): continue if "CVE" in name.upper(): - severity_vector_pattern = r"CVSS:3\.1/([A-Z:/]+)" severities = VulnerabilitySeverity( system=severity_systems.CVSSV31, value=ref.get("cvss3BaseScore", ""), - scoring_elements=re.findall( - severity_vector_pattern, ref.get("cvss3ScoringVector", "") - ), + scoring_elements=ref.get("cvss3ScoringVector", "") + if ref.get("cvss3ScoringVector", "") != "UNKNOWN" + else "", ) references.append( - Reference( - severities=[severities], - url=ref.get("sourceLink", ""), - reference_id=name, - ) + Reference(severities=[severities], url=ref.get("sourceLink", ""), reference_id=name) ) return AdvisoryData( @@ -223,11 +233,11 @@ def get_cwes_from_rockylinux_advisory(advisory_data) -> [int]: ... "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43548", ... "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", ... "cvss3BaseScore": "7.5", - ... "cwe": "CWE-350" + ... "cwe": "CWE-20 -> CWE-400" ... } ... ]} >>> get_cwes_from_rockylinux_advisory(advisory_data) - [1321, 400, 350] + [400, 1321, 20] >>> get_cwes_from_rockylinux_advisory({"cves": [{"name": "CVE-1234-1234","cwe": "None"}]}) [] """ @@ -247,4 +257,5 @@ def get_cwes_from_rockylinux_advisory(advisory_data) -> [int]: weaknesses.append(cwe_id) except ValueError: logger.error("Invalid CWE id") - return weaknesses + unique_set = set(weaknesses) + return list(unique_set) 
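Review bot: The new `scoring_elements` expression in the `if "CVE" in name.upper():` branch stores whatever string the upstream feed sends under `cvss3ScoringVector` while still labelling it `severity_systems.CVSSV31`; the removed regex at least required a `CVSS:3.1/` prefix. Only the literal `UNKNOWN` is filtered, so a vector of another CVSS version, a JSON null (for which `.get(..., "")` returns `None`) or stray text would be persisted as a 3.1 vector and can mislead anything that triages from it. Consider `vector = ref.get("cvss3ScoringVector") or ""` followed by `scoring_elements=vector if vector.startswith("CVSS:3.1/") else "",`, which also removes the duplicate lookup. The removed side of rockylinux_expected2.json shows `value` can be `UNKNOWN` as well, and that is still passed through unchanged. to_advisory starts and ends outside this hunk.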
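Review bot: `return list(unique_set)` at the end of get_cwes_from_rockylinux_advisory returns the CWE ids in set iteration order rather than advisory order, and that order is an interpreter implementation detail. The doctests updated in the earlier hunks (`[400, 20]` in to_advisory, `[400, 1321, 20]` in this function) and the reordered `weaknesses` in rockylinux_expected1.json now pin that order, so they can break on another Python implementation or if the set is built differently. De-duplicating with `return list(dict.fromkeys(weaknesses))` keeps first-seen order; the `CWE-20->CWE-400` example would then presumably yield `[20, 400]`, though the parsing loop is outside the hunk, so confirm against it. A one-line comment such as `# de-duplicate while keeping advisory order` would record the intent.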
diff --git a/vulnerabilities/tests/test_data/rockylinux/rockylinux_expected1.json b/vulnerabilities/tests/test_data/rockylinux/rockylinux_expected1.json
index bc1ba6fb2..3dcee4ed7 100644
--- a/vulnerabilities/tests/test_data/rockylinux/rockylinux_expected1.json
+++ b/vulnerabilities/tests/test_data/rockylinux/rockylinux_expected1.json
@@ -1,461 +1,455 @@ { - "aliases": "RLSA-2022:2013", - "summary": "OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.\n\nSecurity Fix(es):\n\n* openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured (CVE-2021-41617)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.", - "affected_packages": [ - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh", - "version": "", - "qualifiers": "arch=src", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-askpass", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-askpass", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - 
"type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-askpass-debuginfo", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-askpass-debuginfo", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-cavs", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-cavs", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-cavs-debuginfo", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-cavs-debuginfo", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-clients", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-clients", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - 
"type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-clients-debuginfo", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-clients-debuginfo", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-debuginfo", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-debuginfo", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-debugsource", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-debugsource", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-keycat", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-keycat", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { 
- "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-keycat-debuginfo", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-keycat-debuginfo", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-ldap", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-ldap", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-ldap-debuginfo", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-ldap-debuginfo", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-server", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-server", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - 
"type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-server-debuginfo", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "openssh-server-debuginfo", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/8.0p1-13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "pam_ssh_agent_auth", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/0.10.3-7.13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "pam_ssh_agent_auth", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/0.10.3-7.13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "pam_ssh_agent_auth-debuginfo", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/0.10.3-7.13.el8", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "pam_ssh_agent_auth-debuginfo", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/0.10.3-7.13.el8", - "fixed_version": null - } - ], - "references": [ - { - "reference_id": "2008291", - "reference_type": "", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008291", - "severities": [] - }, - { - "reference_id": "2015828", - "reference_type": "", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015828", - "severities": [] - }, - { - "reference_id": "CVE-2021-41617", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617", - "severities": [ - { - 
"system": "cvssv3.1", - "value": "7.0", - "scoring_elements": [ - "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" - ] - } - ] + "aliases": "RLSA-2022:2013", + "summary": "OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.\n\nSecurity Fix(es):\n\n* openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured (CVE-2021-41617)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh", + "version": "", + "qualifiers": "arch=src", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-askpass", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-askpass", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + 
"affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-askpass-debuginfo", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-askpass-debuginfo", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-cavs", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-cavs", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-cavs-debuginfo", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-cavs-debuginfo", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-clients", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-clients", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + 
"affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-clients-debuginfo", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-clients-debuginfo", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-debuginfo", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-debuginfo", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-debugsource", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-debugsource", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-keycat", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-keycat", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, 
+ "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-keycat-debuginfo", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-keycat-debuginfo", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-ldap", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-ldap", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-ldap-debuginfo", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-ldap-debuginfo", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-server", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-server", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + 
"affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-server-debuginfo", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "openssh-server-debuginfo", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/8.0p1-13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "pam_ssh_agent_auth", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/0.10.3-7.13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "pam_ssh_agent_auth", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/0.10.3-7.13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "pam_ssh_agent_auth-debuginfo", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/0.10.3-7.13.el8", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "pam_ssh_agent_auth-debuginfo", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/0.10.3-7.13.el8", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "2008291", + "reference_type": "", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008291", + "severities": [] + }, + { + "reference_id": "2015828", + "reference_type": "", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015828", + "severities": [] + }, + { + "reference_id": "CVE-2021-41617", + "reference_type": "", + 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617", + "severities": [ + { + "system": "cvssv3.1", + "value": "7.0", + "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } - ], - "date_published": "2022-05-10T06:45:24+00:00", - "weaknesses": [ - 273, - 123, - 546 - ], - "url": "https://errata.rockylinux.org/RLSA-2022:2013" -} \ No newline at end of file + ] + } + ], + "date_published": "2022-05-10T06:45:24+00:00", + "weaknesses": [273, 546, 123], + "url": "https://errata.rockylinux.org/RLSA-2022:2013" +} diff --git a/vulnerabilities/tests/test_data/rockylinux/rockylinux_expected2.json b/vulnerabilities/tests/test_data/rockylinux/rockylinux_expected2.json index 51b710681..308bda6d8 100644 --- a/vulnerabilities/tests/test_data/rockylinux/rockylinux_expected2.json +++ b/vulnerabilities/tests/test_data/rockylinux/rockylinux_expected2.json 
@@ -1,257 +1,221 @@ { - "aliases": "RLSA-2024:1494", - "summary": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.9.0.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n\n* Mozilla: Leaking of encrypted email subjects to other conversations (CVE-2024-1936)\n\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n\n* Mozilla: Integer overflow could have led to out of bounds write\n(CVE-2024-2608)\n\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage\n(CVE-2024-2610)\n\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally\ngranting permissions (CVE-2024-2611)\n\n* Mozilla: Self referencing object could have potentially led to a\nuse-after-free (CVE-2024-2612)\n\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and\nThunderbird 115.9 (CVE-2024-2614)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", - "affected_packages": [ - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "thunderbird", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/115.9.0-1.el8_9", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "thunderbird", - "version": "", - "qualifiers": "arch=src", - "subpath": "" - }, - "affected_version_range": "vers:rpm/115.9.0-1.el8_9", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "thunderbird", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/115.9.0-1.el8_9", - "fixed_version": null - }, - { - "package": { - "type": "rpm", 
- "namespace": "rocky-linux", - "name": "thunderbird-debuginfo", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/115.9.0-1.el8_9", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "thunderbird-debuginfo", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/115.9.0-1.el8_9", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "thunderbird-debugsource", - "version": "", - "qualifiers": "arch=aarch64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/115.9.0-1.el8_9", - "fixed_version": null - }, - { - "package": { - "type": "rpm", - "namespace": "rocky-linux", - "name": "thunderbird-debugsource", - "version": "", - "qualifiers": "arch=x86_64", - "subpath": "" - }, - "affected_version_range": "vers:rpm/115.9.0-1.el8_9", - "fixed_version": null - } - ], - "references": [ - { - "reference_id": "2243644", - "reference_type": "", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243644", - "severities": [] - }, - { - "reference_id": "2260012", - "reference_type": "", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260012", - "severities": [] - }, - { - "reference_id": "2268171", - "reference_type": "", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268171", - "severities": [] - }, - { - "reference_id": "2270660", - "reference_type": "", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270660", - "severities": [] - }, - { - "reference_id": "2270661", - "reference_type": "", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270661", - "severities": [] - }, - { - "reference_id": "2270663", - "reference_type": "", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270663", - "severities": [] - }, - { - "reference_id": "2270664", - "reference_type": "", - "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2270664", - "severities": [] - }, - { - "reference_id": "2270665", - "reference_type": "", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270665", - "severities": [] - }, - { - "reference_id": "2270666", - "reference_type": "", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270666", - "severities": [] - }, - { - "reference_id": "CVE-2023-5388", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388", - "severities": [ - { - "system": "cvssv3.1", - "value": "UNKNOWN", - "scoring_elements": [] - } - ] - }, - { - "reference_id": "CVE-2024-0743", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0743", - "severities": [ - { - "system": "cvssv3.1", - "value": "UNKNOWN", - "scoring_elements": [] - } - ] - }, - { - "reference_id": "CVE-2024-1936", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1936", - "severities": [ - { - "system": "cvssv3.1", - "value": "UNKNOWN", - "scoring_elements": [] - } - ] - }, - { - "reference_id": "CVE-2024-2607", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2607", - "severities": [ - { - "system": "cvssv3.1", - "value": "UNKNOWN", - "scoring_elements": [] - } - ] - }, - { - "reference_id": "CVE-2024-2608", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2608", - "severities": [ - { - "system": "cvssv3.1", - "value": "UNKNOWN", - "scoring_elements": [] - } - ] - }, - { - "reference_id": "CVE-2024-2610", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2610", - "severities": [ - { - "system": "cvssv3.1", - "value": "UNKNOWN", - "scoring_elements": [] - } - ] - }, - { - "reference_id": "CVE-2024-2611", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2611", - "severities": [ - { - "system": 
"cvssv3.1", - "value": "UNKNOWN", - "scoring_elements": [] - } - ] - }, - { - "reference_id": "CVE-2024-2612", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2612", - "severities": [ - { - "system": "cvssv3.1", - "value": "UNKNOWN", - "scoring_elements": [] - } - ] - }, - { - "reference_id": "CVE-2024-2614", - "reference_type": "", - "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2614", - "severities": [ - { - "system": "cvssv3.1", - "value": "UNKNOWN", - "scoring_elements": [] - } - ] - } - ], - "date_published": "2024-03-27T04:34:32.999941+00:00", - "weaknesses": [], - "url": "https://errata.rockylinux.org/RLSA-2024:1494" -} \ No newline at end of file + "aliases": "RLSA-2024:1494", + "summary": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 115.9.0.\n\nSecurity Fix(es):\n\n* nss: timing attack against RSA decryption (CVE-2023-5388)\n\n* Mozilla: Crash in NSS TLS method (CVE-2024-0743)\n\n* Mozilla: Leaking of encrypted email subjects to other conversations (CVE-2024-1936)\n\n* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)\n\n* Mozilla: Integer overflow could have led to out of bounds write\n(CVE-2024-2608)\n\n* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage\n(CVE-2024-2610)\n\n* Mozilla: Clickjacking vulnerability could have led to a user accidentally\ngranting permissions (CVE-2024-2611)\n\n* Mozilla: Self referencing object could have potentially led to a\nuse-after-free (CVE-2024-2612)\n\n* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and\nThunderbird 115.9 (CVE-2024-2614)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", + "affected_packages": [ + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + 
"name": "thunderbird", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/115.9.0-1.el8_9", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "thunderbird", + "version": "", + "qualifiers": "arch=src", + "subpath": "" + }, + "affected_version_range": "vers:rpm/115.9.0-1.el8_9", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "thunderbird", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/115.9.0-1.el8_9", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "thunderbird-debuginfo", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/115.9.0-1.el8_9", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "thunderbird-debuginfo", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/115.9.0-1.el8_9", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "thunderbird-debugsource", + "version": "", + "qualifiers": "arch=aarch64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/115.9.0-1.el8_9", + "fixed_version": null + }, + { + "package": { + "type": "rpm", + "namespace": "rocky-linux", + "name": "thunderbird-debugsource", + "version": "", + "qualifiers": "arch=x86_64", + "subpath": "" + }, + "affected_version_range": "vers:rpm/115.9.0-1.el8_9", + "fixed_version": null + } + ], + "references": [ + { + "reference_id": "2243644", + "reference_type": "", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243644", + "severities": [] + }, + { + "reference_id": "2260012", + "reference_type": "", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260012", + "severities": [] + 
}, + { + "reference_id": "2268171", + "reference_type": "", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268171", + "severities": [] + }, + { + "reference_id": "2270660", + "reference_type": "", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270660", + "severities": [] + }, + { + "reference_id": "2270661", + "reference_type": "", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270661", + "severities": [] + }, + { + "reference_id": "2270663", + "reference_type": "", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270663", + "severities": [] + }, + { + "reference_id": "2270664", + "reference_type": "", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270664", + "severities": [] + }, + { + "reference_id": "2270665", + "reference_type": "", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270665", + "severities": [] + }, + { + "reference_id": "2270666", + "reference_type": "", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270666", + "severities": [] + }, + { + "reference_id": "CVE-2023-5388", + "reference_type": "", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388", + "severities": [ + { "system": "cvssv3.1", "value": "UNKNOWN", "scoring_elements": "" } + ] + }, + { + "reference_id": "CVE-2024-0743", + "reference_type": "", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0743", + "severities": [ + { "system": "cvssv3.1", "value": "UNKNOWN", "scoring_elements": "" } + ] + }, + { + "reference_id": "CVE-2024-1936", + "reference_type": "", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1936", + "severities": [ + { "system": "cvssv3.1", "value": "UNKNOWN", "scoring_elements": "" } + ] + }, + { + "reference_id": "CVE-2024-2607", + "reference_type": "", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2607", + "severities": [ + { "system": "cvssv3.1", "value": "UNKNOWN", "scoring_elements": "" } + ] + }, + { + "reference_id": "CVE-2024-2608", + 
"reference_type": "", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2608", + "severities": [ + { "system": "cvssv3.1", "value": "UNKNOWN", "scoring_elements": "" } + ] + }, + { + "reference_id": "CVE-2024-2610", + "reference_type": "", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2610", + "severities": [ + { "system": "cvssv3.1", "value": "UNKNOWN", "scoring_elements": "" } + ] + }, + { + "reference_id": "CVE-2024-2611", + "reference_type": "", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2611", + "severities": [ + { "system": "cvssv3.1", "value": "UNKNOWN", "scoring_elements": "" } + ] + }, + { + "reference_id": "CVE-2024-2612", + "reference_type": "", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2612", + "severities": [ + { "system": "cvssv3.1", "value": "UNKNOWN", "scoring_elements": "" } + ] + }, + { + "reference_id": "CVE-2024-2614", + "reference_type": "", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2614", + "severities": [ + { "system": "cvssv3.1", "value": "UNKNOWN", "scoring_elements": "" } + ] + } + ], + "date_published": "2024-03-27T04:34:32.999941+00:00", + "weaknesses": [], + "url": "https://errata.rockylinux.org/RLSA-2024:1494" +}