diff --git a/file.vex b/file.vex
deleted file mode 100644
index 7d56003f1..000000000
--- a/file.vex
+++ /dev/null
@@ -1,1378 +0,0 @@ -{ - "@context": "https://openvex.dev/ns", - "@id": "https://openvex.dev/docs/public/vex-0b3cc3ffe9e303c8cad4b933d7c0efe7b4a2e8d37c0496a5035194ffc71f5e76", - "author": "Project Copacetic", - "role": "", - "timestamp": "2023-08-24T22:37:46.650885292Z", - "version": "0.1", - "tooling": "Project Copacetic", - "statements": [ - { - "vulnerability": "CVE-2022-32221", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-22946", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-22576", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-27781", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-27782", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-27533", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-22947", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-27774", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-27776", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - 
"status": "fixed" - }, - { - "vulnerability": "CVE-2022-32206", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-32208", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-43552", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-23916", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-27535", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-27536", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-27538", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-22898", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-22924", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-35252", - "products": [ - "pkg:deb/debian/curl@7.64.0-4+deb10u2?amd64", - "pkg:deb/debian/libcurl4@7.64.0-4+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "DLA-3482-1", - "products": [ - "pkg:deb/debian/debian-archive-keyring@2019.1+deb10u1?amd64" 
- ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-1664", - "products": [ - "pkg:deb/debian/dpkg@1.19.7?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-34903", - "products": [ - "pkg:deb/debian/gpgv@2.2.12-1+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-1271", - "products": [ - "pkg:deb/debian/gzip@1.9-3?amd64", - "pkg:deb/debian/liblzma5@5.2.4-1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "DLA-3112-1", - "products": [ - "pkg:deb/debian/libbz2-1.0@1.0.6-9.2~deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-33574", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-35942", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-23218", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-23219", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-1752", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-6096", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-3326", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-3999", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2016-10228", - "products": [ - 
"pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2019-25013", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-10029", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-27618", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2019-19126", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-27645", - "products": [ - "pkg:deb/debian/libc-bin@2.28-10?amd64", - "pkg:deb/debian/libc6@2.28-10?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-22822", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-22823", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-22824", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-23852", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-25235", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-25236", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-25315", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-45960", - "products": [ - 
"pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-46143", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-22825", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-22826", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-22827", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-23990", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-25314", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-40674", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-43680", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-25313", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "DSA-5085-2", - "products": [ - "pkg:deb/debian/libexpat1@2.2.6-2+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-27404", - "products": [ - "pkg:deb/debian/libfreetype6@2.9.1-3+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-27405", - "products": [ - "pkg:deb/debian/libfreetype6@2.9.1-3+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-27406", - "products": [ - "pkg:deb/debian/libfreetype6@2.9.1-3+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-40528", - "products": [ - "pkg:deb/debian/libgcrypt20@1.8.4-5?amd64" - ], - "status": 
"fixed" - }, - { - "vulnerability": "CVE-2021-43618", - "products": [ - "pkg:deb/debian/libgmp10@2:6.1.2+dfsg-4?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-20231", - "products": [ - "pkg:deb/debian/libgnutls30@3.6.7-4+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-20232", - "products": [ - "pkg:deb/debian/libgnutls30@3.6.7-4+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-24659", - "products": [ - "pkg:deb/debian/libgnutls30@3.6.7-4+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-2509", - "products": [ - "pkg:deb/debian/libgnutls30@3.6.7-4+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0361", - "products": [ - "pkg:deb/debian/libgnutls30@3.6.7-4+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-4209", - "products": [ - "pkg:deb/debian/libgnutls30@3.6.7-4+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-36222", - "products": [ - "pkg:deb/debian/libgssapi-krb5-2@1.17-3+deb10u1?amd64", - "pkg:deb/debian/libk5crypto3@1.17-3+deb10u1?amd64", - "pkg:deb/debian/libkrb5-3@1.17-3+deb10u1?amd64", - "pkg:deb/debian/libkrb5support0@1.17-3+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-42898", - "products": [ - "pkg:deb/debian/libgssapi-krb5-2@1.17-3+deb10u1?amd64", - "pkg:deb/debian/libk5crypto3@1.17-3+deb10u1?amd64", - "pkg:deb/debian/libkrb5-3@1.17-3+deb10u1?amd64", - "pkg:deb/debian/libkrb5support0@1.17-3+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-37750", - "products": [ - "pkg:deb/debian/libgssapi-krb5-2@1.17-3+deb10u1?amd64", - "pkg:deb/debian/libk5crypto3@1.17-3+deb10u1?amd64", - "pkg:deb/debian/libkrb5-3@1.17-3+deb10u1?amd64", - "pkg:deb/debian/libkrb5support0@1.17-3+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-20305", - "products": [ - 
"pkg:deb/debian/libhogweed4@3.4.1-1?amd64", - "pkg:deb/debian/libnettle6@3.4.1-1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-3580", - "products": [ - "pkg:deb/debian/libhogweed4@3.4.1-1?amd64", - "pkg:deb/debian/libnettle6@3.4.1-1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-21913", - "products": [ - "pkg:deb/debian/libicu63@63.1-6+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-29155", - "products": [ - "pkg:deb/debian/libldap-2.4-2@2.4.47+dfsg-3+deb10u6?amd64", - "pkg:deb/debian/libldap-common@2.4.47+dfsg-3+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-3520", - "products": [ - "pkg:deb/debian/liblz4-1@1.8.3-1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-29458", - "products": [ - "pkg:deb/debian/libncursesw6@6.1+20181013-2+deb10u2?amd64", - "pkg:deb/debian/libtinfo6@6.1+20181013-2+deb10u2?amd64", - "pkg:deb/debian/ncurses-base@6.1+20181013-2+deb10u2?amd64", - "pkg:deb/debian/ncurses-bin@6.1+20181013-2+deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-24407", - "products": [ - "pkg:deb/debian/libsasl2-2@2.1.27+dfsg-1+deb10u1?amd64", - "pkg:deb/debian/libsasl2-modules-db@2.1.27+dfsg-1+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-3711", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-1292", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-2068", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-3712", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - 
"pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-0778", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-4450", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0215", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0286", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0464", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-2650", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-4160", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-2097", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-4304", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0465", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": 
"CVE-2023-0466", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-3446", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-3817", - "products": [ - "pkg:deb/debian/libssl1.1@1.1.1d-0+deb10u6?amd64", - "pkg:deb/debian/openssl@1.1.1d-0+deb10u6?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-26604", - "products": [ - "pkg:deb/debian/libsystemd0@241-7~deb10u7?amd64", - "pkg:deb/debian/libudev1@241-7~deb10u7?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-33910", - "products": [ - "pkg:deb/debian/libsystemd0@241-7~deb10u7?amd64", - "pkg:deb/debian/libudev1@241-7~deb10u7?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-3821", - "products": [ - "pkg:deb/debian/libsystemd0@241-7~deb10u7?amd64", - "pkg:deb/debian/libudev1@241-7~deb10u7?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-46848", - "products": [ - "pkg:deb/debian/libtasn1-6@4.13-3?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-0891", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-3970", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-25434", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-19143", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-0561", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": 
"CVE-2022-0562", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-0865", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-0907", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-0908", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-0909", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-0924", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-1354", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-1355", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-2056", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-2057", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-2058", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-22844", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-2867", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-2868", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - 
"status": "fixed" - }, - { - "vulnerability": "CVE-2022-2869", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-34526", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-3570", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-3597", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-3598", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-3599", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-3626", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-3627", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-4645", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-48281", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0795", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0796", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0797", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0798", - "products": [ - 
"pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0799", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0800", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0801", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0802", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0803", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-0804", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-25433", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-25435", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-26965", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-26966", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-2908", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-30086", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-30774", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - 
"vulnerability": "CVE-2023-3316", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-3618", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-38288", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-38289", - "products": [ - "pkg:deb/debian/libtiff5@4.1.0+git191117-2~deb10u2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2018-25009", - "products": [ - "pkg:deb/debian/libwebp6@0.6.1-2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2018-25010", - "products": [ - "pkg:deb/debian/libwebp6@0.6.1-2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2018-25011", - "products": [ - "pkg:deb/debian/libwebp6@0.6.1-2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2018-25012", - "products": [ - "pkg:deb/debian/libwebp6@0.6.1-2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2018-25013", - "products": [ - "pkg:deb/debian/libwebp6@0.6.1-2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2018-25014", - "products": [ - "pkg:deb/debian/libwebp6@0.6.1-2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-36328", - "products": [ - "pkg:deb/debian/libwebp6@0.6.1-2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-36329", - "products": [ - "pkg:deb/debian/libwebp6@0.6.1-2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-36330", - "products": [ - "pkg:deb/debian/libwebp6@0.6.1-2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-36331", - "products": [ - "pkg:deb/debian/libwebp6@0.6.1-2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-36332", - "products": [ - "pkg:deb/debian/libwebp6@0.6.1-2?amd64" - ], - "status": "fixed" - }, 
- { - "vulnerability": "CVE-2023-1999", - "products": [ - "pkg:deb/debian/libwebp6@0.6.1-2?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-31535", - "products": [ - "pkg:deb/debian/libx11-6@2:1.6.7-1+deb10u1?amd64", - "pkg:deb/debian/libx11-data@2:1.6.7-1+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-3138", - "products": [ - "pkg:deb/debian/libx11-6@2:1.6.7-1+deb10u1?amd64", - "pkg:deb/debian/libx11-data@2:1.6.7-1+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-3516", - "products": [ - "pkg:deb/debian/libxml2@2.9.4+dfsg1-7+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-3517", - "products": [ - "pkg:deb/debian/libxml2@2.9.4+dfsg1-7+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-3518", - "products": [ - "pkg:deb/debian/libxml2@2.9.4+dfsg1-7+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-23308", - "products": [ - "pkg:deb/debian/libxml2@2.9.4+dfsg1-7+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-40303", - "products": [ - "pkg:deb/debian/libxml2@2.9.4+dfsg1-7+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-40304", - "products": [ - "pkg:deb/debian/libxml2@2.9.4+dfsg1-7+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-3537", - "products": [ - "pkg:deb/debian/libxml2@2.9.4+dfsg1-7+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-3541", - "products": [ - "pkg:deb/debian/libxml2@2.9.4+dfsg1-7+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-29824", - "products": [ - "pkg:deb/debian/libxml2@2.9.4+dfsg1-7+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-28484", - "products": [ - "pkg:deb/debian/libxml2@2.9.4+dfsg1-7+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2023-29469", - "products": [ - 
"pkg:deb/debian/libxml2@2.9.4+dfsg1-7+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2020-24977", - "products": [ - "pkg:deb/debian/libxml2@2.9.4+dfsg1-7+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-44617", - "products": [ - "pkg:deb/debian/libxpm4@1:3.5.12-1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-46285", - "products": [ - "pkg:deb/debian/libxpm4@1:3.5.12-1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-4883", - "products": [ - "pkg:deb/debian/libxpm4@1:3.5.12-1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2019-5815", - "products": [ - "pkg:deb/debian/libxslt1.1@1.1.32-2.2~deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2021-30560", - "products": [ - "pkg:deb/debian/libxslt1.1@1.1.32-2.2~deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "DLA-3134-1", - "products": [ - "pkg:deb/debian/tzdata@2021a-0+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "DLA-3161-1", - "products": [ - "pkg:deb/debian/tzdata@2021a-0+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "DLA-3366-1", - "products": [ - "pkg:deb/debian/tzdata@2021a-0+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "DLA-3412-1", - "products": [ - "pkg:deb/debian/tzdata@2021a-0+deb10u1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2022-37434", - "products": [ - "pkg:deb/debian/zlib1g@1:1.2.11.dfsg-1?amd64" - ], - "status": "fixed" - }, - { - "vulnerability": "CVE-2018-25032", - "products": [ - "pkg:deb/debian/zlib1g@1:1.2.11.dfsg-1?amd64" - ], - "status": "fixed" - } - ] -} diff --git a/pkg/vex/vex_test.go b/pkg/vex/vex_test.go new file mode 100644 index 000000000..e349c5d7a --- /dev/null +++ b/pkg/vex/vex_test.go 
@@ -0,0 +1,55 @@
+package vex
+
+import (
+ "testing"
+
+ "github.com/project-copacetic/copacetic/pkg/buildkit"
+ "github.com/project-copacetic/copacetic/pkg/pkgmgr"
+ "github.com/project-copacetic/copacetic/pkg/types"
+)
+
+func TestTryOutputVexDocument(t *testing.T) {
+ config := &buildkit.Config{}
+ workingFolder := "/tmp"
+ alpineManager, _ := pkgmgr.GetPackageManager("alpine", config, workingFolder)
+
+ type args struct {
+ updates *types.UpdateManifest
+ pkgmgr pkgmgr.PackageManager
+ format string
+ file string
+ }
+ tests := []struct {
+ name string
+ args args
+ wantErr bool
+ }{
+ {
+ name: "invalid format",
+ args: args{
+ updates: &types.UpdateManifest{},
+ pkgmgr: nil,
+ format: "fakevex",
+ file: "",
+ },
+ wantErr: true,
+ },
+ {
+ name: "valid format",
+ args: args{
+ updates: &types.UpdateManifest{},
+ pkgmgr: alpineManager,
+ format: "openvex",
+ file: "/tmp/test",
+ },
+ wantErr: false,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ if err := TryOutputVexDocument(tt.args.updates, tt.args.pkgmgr, tt.args.format, tt.args.file); (err != nil) != tt.wantErr {
+ t.Errorf("TryOutputVexDocument() error = %v, wantErr %v", err, tt.wantErr)
+ }
+ })
+ }
+}
diff --git a/website/docs/output.md b/website/docs/output.md
new file mode 100644
index 000000000..b3939f67d
--- /dev/null
+++ b/website/docs/output.md
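Review bot: The "valid format" case in TestTryOutputVexDocument writes to the fixed path `/tmp/test`, a predictable name in a shared, world-writable directory, so a run can clobber or follow whatever already sits at that path, concurrent runs collide, and the file is left behind afterwards. Use a per-test directory instead: `file: filepath.Join(t.TempDir(), "vex.json"),` (importing `path/filepath`), and likewise `workingFolder := t.TempDir()`. The second result of `pkgmgr.GetPackageManager` is discarded with `_`; if that is an error value (its signature is not visible here), a failed lookup would hand a nil manager to the success case, so capture it and add `if err != nil { t.Fatal(err) }`. The success case also only checks that no error came back, so a short comment or a follow-up assertion that the written file parses as an OpenVEX document would make the test's intent clearer.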
@@ -0,0 +1,46 @@
+---
+title: Output
+---
+
+Copa optionally outputs a Vulnerability Exploitability eXchange (VEX) file as a result of the patching process to surface the vulnerabilities and packages that were patched.
+
+Currently, Copa supports the OpenVEX format, but it can be extended to support other formats as well.
+
+## OpenVEX
+
+OpenVEX is an implementation of Vulnerability Exploitability eXchange (VEX) format. For more information, see [OpenVEX specification](https://github.com/openvex/spec/).
+
+To generate a VEX document using OpenVEX, use `--format="openvex"` flag, and use `--output` to specify a file path. For example:
+
+```bash
+copa patch -i docker.io/library/nginx:1.21.6 -r nginx.1.21.6.json -t 1.21.6-patched --format="openvex" --output "nginx.1.21.6-vex.json"
+```
+
+This will generate a VEX Document that looks like:
+
+```json
+{
+ "@context": "https://openvex.dev/ns",
+ "@id": "https://openvex.dev/docs/public/vex-6776bfe4124807727d1a9fa90af438838efcf4454c4ed28253a3063ed64210a0",
+ "author": "Project Copacetic",
+ "role": "",
+ "timestamp": "2023-08-24T23:04:51.41869446Z",
+ "version": "0.1",
+ "tooling": "Project Copacetic",
+ "statements": [
+ {
+ "vulnerability": "CVE-2021-3995",
+ "products": [
+ "pkg:deb/debian/bsdutils@1:2.36.1-8?amd64",
+ "pkg:deb/debian/libblkid1@2.36.1-8?amd64",
+ "pkg:deb/debian/libmount1@2.36.1-8?amd64",
+ "pkg:deb/debian/libsmartcols1@2.36.1-8?amd64",
+ "pkg:deb/debian/libuuid1@2.36.1-8?amd64",
+ "pkg:deb/debian/mount@2.36.1-8?amd64",
+ "pkg:deb/debian/util-linux@2.36.1-8?amd64"
+ ],
+ "status": "fixed"
+ },
+ ...
+}
+```
\ No newline at end of file