feat: add security sink detection patterns for JavaScript/TypeScript
- Introduced `sink-detect.js` with various security sink detection patterns categorized by type (e.g., command injection, SQL injection, file operations). - Implemented functions to build a lookup map for fast sink detection and to match sink calls against known patterns. - Added `package-lock.json` for dependency management.
This commit is contained in:
StellaOps Bot
@@ -327,7 +327,7 @@ public sealed class AlpineConnector : IFeedConnector
|
||||
}
|
||||
}
|
||||
|
||||
private static string[] NormalizeList(string[] values)
|
||||
private static string[] NormalizeList(string[]? values)
|
||||
{
|
||||
if (values is null || values.Length == 0)
|
||||
{
|
||||
|
||||
@@ -14,13 +14,25 @@ public sealed class AlpineOptions
|
||||
|
||||
/// <summary>
|
||||
/// Releases to fetch (for example: v3.18, v3.19, v3.20, edge).
|
||||
/// Defaults to v3.18, v3.19, v3.20, edge if not configured.
|
||||
/// </summary>
|
||||
public string[] Releases { get; set; } = new[] { "v3.18", "v3.19", "v3.20", "edge" };
|
||||
public string[]? Releases { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Repository names to fetch (for example: main, community).
|
||||
/// Defaults to main, community if not configured.
|
||||
/// </summary>
|
||||
public string[] Repositories { get; set; } = new[] { "main", "community" };
|
||||
public string[]? Repositories { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Default Alpine releases if none are configured.
|
||||
/// </summary>
|
||||
public static readonly string[] DefaultReleases = ["v3.18", "v3.19", "v3.20", "edge"];
|
||||
|
||||
/// <summary>
|
||||
/// Default Alpine repositories if none are configured.
|
||||
/// </summary>
|
||||
public static readonly string[] DefaultRepositories = ["main", "community"];
|
||||
|
||||
/// <summary>
|
||||
/// Cap on release+repo documents fetched in a single run.
|
||||
@@ -64,12 +76,16 @@ public sealed class AlpineOptions
|
||||
throw new InvalidOperationException("RequestDelay must be between 0 and 10 seconds.");
|
||||
}
|
||||
|
||||
if (Releases is null || Releases.Length == 0 || Releases.All(static value => string.IsNullOrWhiteSpace(value)))
|
||||
// Apply defaults for releases/repositories if not configured
|
||||
Releases ??= DefaultReleases;
|
||||
Repositories ??= DefaultRepositories;
|
||||
|
||||
if (Releases.Length == 0 || Releases.All(static value => string.IsNullOrWhiteSpace(value)))
|
||||
{
|
||||
throw new InvalidOperationException("At least one Alpine release must be configured.");
|
||||
}
|
||||
|
||||
if (Repositories is null || Repositories.Length == 0 || Repositories.All(static value => string.IsNullOrWhiteSpace(value)))
|
||||
if (Repositories.Length == 0 || Repositories.All(static value => string.IsNullOrWhiteSpace(value)))
|
||||
{
|
||||
throw new InvalidOperationException("At least one Alpine repository must be configured.");
|
||||
}
|
||||
|
||||
@@ -1,12 +1,14 @@
|
||||
namespace StellaOps.Concelier.Merge.Comparers;
|
||||
|
||||
using System;
|
||||
using System.Collections.Immutable;
|
||||
using StellaOps.Concelier.Normalization.Distro;
|
||||
using StellaOps.VersionComparison;
|
||||
|
||||
/// <summary>
|
||||
/// Compares Alpine APK package versions using apk-tools ordering rules.
|
||||
/// </summary>
|
||||
public sealed class ApkVersionComparer : IComparer<ApkVersion>, IComparer<string>
|
||||
public sealed class ApkVersionComparer : IVersionComparator, IComparer<ApkVersion>, IComparer<string>
|
||||
{
|
||||
public static ApkVersionComparer Instance { get; } = new();
|
||||
|
||||
@@ -14,6 +16,9 @@ public sealed class ApkVersionComparer : IComparer<ApkVersion>, IComparer<string
|
||||
{
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
public ComparatorType ComparatorType => ComparatorType.Apk;
|
||||
|
||||
public int Compare(string? x, string? y)
|
||||
{
|
||||
if (ReferenceEquals(x, y))
|
||||
@@ -96,6 +101,101 @@ public sealed class ApkVersionComparer : IComparer<ApkVersion>, IComparer<string
|
||||
return 0;
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
public VersionComparisonResult CompareWithProof(string? left, string? right)
|
||||
{
|
||||
var proofLines = new List<string>();
|
||||
|
||||
if (left is null && right is null)
|
||||
{
|
||||
proofLines.Add("Both versions are null: equal");
|
||||
return new VersionComparisonResult(0, [.. proofLines], ComparatorType.Apk);
|
||||
}
|
||||
|
||||
if (left is null)
|
||||
{
|
||||
proofLines.Add("Left version is null: less than right");
|
||||
return new VersionComparisonResult(-1, [.. proofLines], ComparatorType.Apk);
|
||||
}
|
||||
|
||||
if (right is null)
|
||||
{
|
||||
proofLines.Add("Right version is null: left is greater");
|
||||
return new VersionComparisonResult(1, [.. proofLines], ComparatorType.Apk);
|
||||
}
|
||||
|
||||
var leftParsed = ApkVersion.TryParse(left, out var leftVer);
|
||||
var rightParsed = ApkVersion.TryParse(right, out var rightVer);
|
||||
|
||||
if (!leftParsed || !rightParsed)
|
||||
{
|
||||
if (!leftParsed && !rightParsed)
|
||||
{
|
||||
var cmp = string.Compare(left, right, StringComparison.Ordinal);
|
||||
proofLines.Add($"Both versions invalid, fallback to string comparison: {ResultString(cmp)}");
|
||||
return new VersionComparisonResult(cmp, [.. proofLines], ComparatorType.Apk);
|
||||
}
|
||||
|
||||
if (!leftParsed)
|
||||
{
|
||||
proofLines.Add("Left version invalid, right valid: left is less");
|
||||
return new VersionComparisonResult(-1, [.. proofLines], ComparatorType.Apk);
|
||||
}
|
||||
|
||||
proofLines.Add("Right version invalid, left valid: left is greater");
|
||||
return new VersionComparisonResult(1, [.. proofLines], ComparatorType.Apk);
|
||||
}
|
||||
|
||||
// Compare version string
|
||||
var versionCmp = CompareVersionStringWithProof(leftVer!.Version, rightVer!.Version, "Version", proofLines);
|
||||
if (versionCmp != 0)
|
||||
{
|
||||
return new VersionComparisonResult(versionCmp, [.. proofLines], ComparatorType.Apk);
|
||||
}
|
||||
|
||||
// Compare pkgrel
|
||||
var pkgRelCmp = leftVer.PkgRel.CompareTo(rightVer.PkgRel);
|
||||
if (pkgRelCmp != 0)
|
||||
{
|
||||
proofLines.Add($"Package release: r{leftVer.PkgRel} {CompareSymbol(pkgRelCmp)} r{rightVer.PkgRel} ({ResultString(pkgRelCmp)})");
|
||||
return new VersionComparisonResult(pkgRelCmp, [.. proofLines], ComparatorType.Apk);
|
||||
}
|
||||
proofLines.Add($"Package release: r{leftVer.PkgRel} == r{rightVer.PkgRel} (equal)");
|
||||
|
||||
// Compare explicit vs implicit pkgrel
|
||||
if (!leftVer.HasExplicitPkgRel && rightVer.HasExplicitPkgRel)
|
||||
{
|
||||
proofLines.Add("Left has implicit -r0, right has explicit -r0: left is older");
|
||||
return new VersionComparisonResult(-1, [.. proofLines], ComparatorType.Apk);
|
||||
}
|
||||
|
||||
if (leftVer.HasExplicitPkgRel && !rightVer.HasExplicitPkgRel)
|
||||
{
|
||||
proofLines.Add("Left has explicit -r0, right has implicit -r0: left is newer");
|
||||
return new VersionComparisonResult(1, [.. proofLines], ComparatorType.Apk);
|
||||
}
|
||||
|
||||
return new VersionComparisonResult(0, [.. proofLines], ComparatorType.Apk);
|
||||
}
|
||||
|
||||
private static int CompareVersionStringWithProof(string left, string right, string segmentName, List<string> proofLines)
|
||||
{
|
||||
var cmp = CompareVersionString(left, right);
|
||||
if (cmp == 0)
|
||||
{
|
||||
proofLines.Add($"{segmentName}: {left} == {right} (equal)");
|
||||
}
|
||||
else
|
||||
{
|
||||
proofLines.Add($"{segmentName}: {left} {CompareSymbol(cmp)} {right} ({ResultString(cmp)})");
|
||||
}
|
||||
return cmp;
|
||||
}
|
||||
|
||||
private static string CompareSymbol(int cmp) => cmp < 0 ? "<" : cmp > 0 ? ">" : "==";
|
||||
|
||||
private static string ResultString(int cmp) => cmp < 0 ? "left is older" : cmp > 0 ? "left is newer" : "equal";
|
||||
|
||||
private static int CompareVersionString(string left, string right)
|
||||
{
|
||||
var leftIndex = 0;
|
||||
|
||||
@@ -1,10 +1,17 @@
|
||||
namespace StellaOps.Concelier.Merge.Comparers;
|
||||
|
||||
using StellaOps.VersionComparison;
|
||||
|
||||
/// <summary>
|
||||
/// Provides version comparison with optional proof output.
|
||||
/// </summary>
|
||||
public interface IVersionComparator
|
||||
{
|
||||
/// <summary>
|
||||
/// The type of comparator (for UI display and evidence recording).
|
||||
/// </summary>
|
||||
ComparatorType ComparatorType { get; }
|
||||
|
||||
/// <summary>
|
||||
/// Compares two version strings.
|
||||
/// </summary>
|
||||
|
||||
@@ -1,10 +1,37 @@
|
||||
namespace StellaOps.Concelier.Merge.Comparers;
|
||||
|
||||
using System.Collections.Immutable;
|
||||
using StellaOps.VersionComparison;
|
||||
|
||||
/// <summary>
|
||||
/// Result of a version comparison with explainability proof lines.
|
||||
/// </summary>
|
||||
/// <param name="Comparison">Negative if left < right, zero if equal, positive if left > right.</param>
|
||||
/// <param name="ProofLines">Human-readable explanation of comparison steps.</param>
|
||||
/// <param name="Comparator">The comparator type used.</param>
|
||||
public sealed record VersionComparisonResult(
|
||||
int Comparison,
|
||||
ImmutableArray<string> ProofLines);
|
||||
ImmutableArray<string> ProofLines,
|
||||
ComparatorType Comparator)
|
||||
{
|
||||
/// <summary>
|
||||
/// True if the left version is less than the right version.
|
||||
/// </summary>
|
||||
public bool IsLessThan => Comparison < 0;
|
||||
|
||||
/// <summary>
|
||||
/// True if the left version equals the right version.
|
||||
/// </summary>
|
||||
public bool IsEqual => Comparison == 0;
|
||||
|
||||
/// <summary>
|
||||
/// True if the left version is greater than the right version.
|
||||
/// </summary>
|
||||
public bool IsGreaterThan => Comparison > 0;
|
||||
|
||||
/// <summary>
|
||||
/// True if the left version is greater than or equal to the right version.
|
||||
/// Useful for checking if installed >= fixed.
|
||||
/// </summary>
|
||||
public bool IsGreaterThanOrEqual => Comparison >= 0;
|
||||
}
|
||||
|
||||
@@ -0,0 +1,994 @@
|
||||
[
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2018-25032",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "zlib",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.2.11-r4",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.2.11-r4",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2018-25032:v3.18/main:zlib:1.2.11-r4",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.2.11-r4",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.2.11-r4",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2018-25032:v3.18/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2018-25032:v3.18/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2018-25032",
|
||||
"alpine/cve-2018-25032"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2018-25032",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2018-25032"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2021-30139",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "apk-tools",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "2.12.5-r0",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "2.12.5-r0",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2021-30139:v3.18/main:apk-tools:2.12.5-r0",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:2.12.5-r0",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "2.12.5-r0",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-30139:v3.18/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-30139:v3.18/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2021-30139",
|
||||
"alpine/cve-2021-30139"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2021-30139",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2021-30139"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2021-36159",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "apk-tools",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "2.12.6-r0",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "2.12.6-r0",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2021-36159:v3.18/main:apk-tools:2.12.6-r0",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:2.12.6-r0",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "2.12.6-r0",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-36159:v3.18/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-36159:v3.18/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2021-36159",
|
||||
"alpine/cve-2021-36159"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2021-36159",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2021-36159"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2022-37434",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "zlib",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.2.12-r2",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.2.12-r2",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2022-37434:v3.18/main:zlib:1.2.12-r2",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.2.12-r2",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.2.12-r2",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2022-37434:v3.18/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2022-37434:v3.18/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2022-37434",
|
||||
"alpine/cve-2022-37434"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2022-37434",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2022-37434"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42363",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r7",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r7",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42363:v3.18/main:busybox:1.36.1-r7",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r7",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r7",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42363:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42363:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42363",
|
||||
"alpine/cve-2023-42363"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42363",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42363"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42364",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r7",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r7",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42364:v3.18/main:busybox:1.36.1-r7",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r7",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r7",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42364:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42364:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42364",
|
||||
"alpine/cve-2023-42364"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42364",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42364"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42365",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r7",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r7",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42365:v3.18/main:busybox:1.36.1-r7",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r7",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r7",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42365:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42365:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42365",
|
||||
"alpine/cve-2023-42365"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42365",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42365"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42366",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.18/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r6",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.18",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r6",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42366:v3.18/main:busybox:1.36.1-r6",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r6",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r6",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.18/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42366:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42366:v3.18/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42366",
|
||||
"alpine/cve-2023-42366"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:00:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42366",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:00:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.18/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:00:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.18/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42366"
|
||||
}
|
||||
]
|
||||
@@ -0,0 +1,994 @@
|
||||
[
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2018-25032",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "zlib",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.2.11-r4",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.2.11-r4",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2018-25032:v3.19/main:zlib:1.2.11-r4",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.2.11-r4",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.2.11-r4",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2018-25032:v3.19/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2018-25032:v3.19/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2018-25032",
|
||||
"alpine/cve-2018-25032"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2018-25032",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2018-25032"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2021-30139",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "apk-tools",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "2.12.5-r0",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "2.12.5-r0",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2021-30139:v3.19/main:apk-tools:2.12.5-r0",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:2.12.5-r0",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "2.12.5-r0",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-30139:v3.19/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-30139:v3.19/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2021-30139",
|
||||
"alpine/cve-2021-30139"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2021-30139",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2021-30139"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2021-36159",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "apk-tools",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "2.12.6-r0",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "2.12.6-r0",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2021-36159:v3.19/main:apk-tools:2.12.6-r0",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:2.12.6-r0",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "2.12.6-r0",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-36159:v3.19/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-36159:v3.19/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2021-36159",
|
||||
"alpine/cve-2021-36159"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2021-36159",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2021-36159"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2022-37434",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "zlib",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.2.12-r2",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.2.12-r2",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2022-37434:v3.19/main:zlib:1.2.12-r2",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.2.12-r2",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.2.12-r2",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2022-37434:v3.19/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2022-37434:v3.19/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2022-37434",
|
||||
"alpine/cve-2022-37434"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2022-37434",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2022-37434"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42364",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r19",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r19",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42364:v3.19/main:busybox:1.36.1-r19",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r19",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r19",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42364:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42364:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42364",
|
||||
"alpine/cve-2023-42364"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42364",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42364"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42365",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r19",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r19",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42365:v3.19/main:busybox:1.36.1-r19",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r19",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r19",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42365:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42365:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42365",
|
||||
"alpine/cve-2023-42365"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42365",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42365"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2024-58251",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r21",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r21",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2024-58251:v3.19/main:busybox:1.36.1-r21",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r21",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r21",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2024-58251:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2024-58251:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2024-58251",
|
||||
"alpine/cve-2024-58251"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2024-58251",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2024-58251"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2025-46394",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.19/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r21",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.19",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r21",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2025-46394:v3.19/main:busybox:1.36.1-r21",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r21",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r21",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.19/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2025-46394:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2025-46394:v3.19/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2025-46394",
|
||||
"alpine/cve-2025-46394"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:10:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2025-46394",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:10:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.19/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:10:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.19/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2025-46394"
|
||||
}
|
||||
]
|
||||
@@ -0,0 +1,994 @@
|
||||
[
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2018-25032",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "zlib",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.2.11-r4",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.2.11-r4",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2018-25032:v3.20/main:zlib:1.2.11-r4",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.2.11-r4",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.2.11-r4",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2018-25032:v3.20/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2018-25032:v3.20/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2018-25032",
|
||||
"alpine/cve-2018-25032"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2018-25032",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2018-25032"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2021-30139",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "apk-tools",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "2.12.5-r0",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "2.12.5-r0",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2021-30139:v3.20/main:apk-tools:2.12.5-r0",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:2.12.5-r0",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "2.12.5-r0",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-30139:v3.20/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-30139:v3.20/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2021-30139",
|
||||
"alpine/cve-2021-30139"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2021-30139",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2021-30139"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2021-36159",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "apk-tools",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "2.12.6-r0",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "2.12.6-r0",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2021-36159:v3.20/main:apk-tools:2.12.6-r0",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:2.12.6-r0",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "2.12.6-r0",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-36159:v3.20/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2021-36159:v3.20/main:apk-tools",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2021-36159",
|
||||
"alpine/cve-2021-36159"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2021-36159",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2021-36159"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2022-37434",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "zlib",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.2.12-r2",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.2.12-r2",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2022-37434:v3.20/main:zlib:1.2.12-r2",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.2.12-r2",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.2.12-r2",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2022-37434:v3.20/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2022-37434:v3.20/main:zlib",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2022-37434",
|
||||
"alpine/cve-2022-37434"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2022-37434",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2022-37434"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42364",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r29",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r29",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42364:v3.20/main:busybox:1.36.1-r29",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r29",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r29",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42364:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42364:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42364",
|
||||
"alpine/cve-2023-42364"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42364",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42364"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2023-42365",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r29",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r29",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2023-42365:v3.20/main:busybox:1.36.1-r29",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r29",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r29",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42365:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2023-42365:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2023-42365",
|
||||
"alpine/cve-2023-42365"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2023-42365",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2023-42365"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2024-58251",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r31",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r31",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2024-58251:v3.20/main:busybox:1.36.1-r31",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r31",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r31",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2024-58251:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2024-58251:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2024-58251",
|
||||
"alpine/cve-2024-58251"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2024-58251",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2024-58251"
|
||||
},
|
||||
{
|
||||
"advisoryKey": "alpine/cve-2025-46394",
|
||||
"affectedPackages": [
|
||||
{
|
||||
"type": "apk",
|
||||
"identifier": "busybox",
|
||||
"platform": "v3.20/main",
|
||||
"versionRanges": [
|
||||
{
|
||||
"fixedVersion": "1.36.1-r31",
|
||||
"introducedVersion": null,
|
||||
"lastAffectedVersion": null,
|
||||
"primitives": {
|
||||
"evr": null,
|
||||
"hasVendorExtensions": true,
|
||||
"nevra": null,
|
||||
"semVer": null,
|
||||
"vendorExtensions": {
|
||||
"alpine.distroversion": "v3.20",
|
||||
"alpine.repo": "main",
|
||||
"alpine.fixed": "1.36.1-r31",
|
||||
"alpine.urlprefix": "https://dl-cdn.alpinelinux.org/alpine"
|
||||
}
|
||||
},
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "range",
|
||||
"value": "CVE-2025-46394:v3.20/main:busybox:1.36.1-r31",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"rangeExpression": "fixed:1.36.1-r31",
|
||||
"rangeKind": "apk"
|
||||
}
|
||||
],
|
||||
"normalizedVersions": [
|
||||
{
|
||||
"scheme": "apk",
|
||||
"type": "lt",
|
||||
"min": null,
|
||||
"minInclusive": null,
|
||||
"max": "1.36.1-r31",
|
||||
"maxInclusive": false,
|
||||
"value": null,
|
||||
"notes": "alpine:v3.20/main"
|
||||
}
|
||||
],
|
||||
"statuses": [
|
||||
{
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2025-46394:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"status": "fixed"
|
||||
}
|
||||
],
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "affected",
|
||||
"value": "CVE-2025-46394:v3.20/main:busybox",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"aliases": [
|
||||
"CVE-2025-46394",
|
||||
"alpine/cve-2025-46394"
|
||||
],
|
||||
"canonicalMetricId": null,
|
||||
"credits": [],
|
||||
"cvssMetrics": [],
|
||||
"cwes": [],
|
||||
"description": null,
|
||||
"exploitKnown": false,
|
||||
"language": "en",
|
||||
"modified": "2025-12-22T00:20:00+00:00",
|
||||
"provenance": [
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "document",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
{
|
||||
"source": "distro-alpine",
|
||||
"kind": "mapping",
|
||||
"value": "alpine/cve-2025-46394",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
}
|
||||
],
|
||||
"published": "2025-12-22T00:20:00+00:00",
|
||||
"references": [
|
||||
{
|
||||
"kind": "advisory",
|
||||
"provenance": {
|
||||
"source": "distro-alpine",
|
||||
"kind": "reference",
|
||||
"value": "https://secdb.alpinelinux.org/v3.20/main.json",
|
||||
"decisionReason": null,
|
||||
"recordedAt": "2025-12-22T00:20:00+00:00",
|
||||
"fieldMask": []
|
||||
},
|
||||
"sourceTag": "secdb",
|
||||
"summary": null,
|
||||
"url": "https://secdb.alpinelinux.org/v3.20/main.json"
|
||||
}
|
||||
],
|
||||
"severity": null,
|
||||
"summary": null,
|
||||
"title": "alpine/cve-2025-46394"
|
||||
}
|
||||
]
|
||||
@@ -1,10 +1,16 @@
|
||||
using StellaOps.Concelier.Merge.Comparers;
|
||||
using StellaOps.Concelier.Normalization.Distro;
|
||||
using StellaOps.VersionComparison;
|
||||
|
||||
namespace StellaOps.Concelier.Merge.Tests;
|
||||
|
||||
public sealed class ApkVersionComparerTests
|
||||
{
|
||||
[Fact]
|
||||
public void ComparatorType_Returns_Apk()
|
||||
{
|
||||
Assert.Equal(ComparatorType.Apk, ApkVersionComparer.Instance.ComparatorType);
|
||||
}
|
||||
public static TheoryData<string, string, int, string> ComparisonCases => BuildComparisonCases();
|
||||
|
||||
[Theory]
|
||||
@@ -73,4 +79,104 @@ public sealed class ApkVersionComparerTests
|
||||
|
||||
return data;
|
||||
}
|
||||
|
||||
#region CompareWithProof Tests (SPRINT_4000_0002_0001)
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_BothNull_ReturnsEqual()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof(null, null);
|
||||
|
||||
Assert.Equal(0, result.Comparison);
|
||||
Assert.Equal(ComparatorType.Apk, result.Comparator);
|
||||
Assert.Contains("null", result.ProofLines[0].ToLower());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_LeftNull_ReturnsLess()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof(null, "1.0-r0");
|
||||
|
||||
Assert.Equal(-1, result.Comparison);
|
||||
Assert.Contains("null", result.ProofLines[0].ToLower());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_RightNull_ReturnsGreater()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.0-r0", null);
|
||||
|
||||
Assert.Equal(1, result.Comparison);
|
||||
Assert.Contains("null", result.ProofLines[0].ToLower());
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_EqualVersions_ReturnsEqualWithProof()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.2.3-r1", "1.2.3-r1");
|
||||
|
||||
Assert.Equal(0, result.Comparison);
|
||||
Assert.True(result.IsEqual);
|
||||
Assert.Contains(result.ProofLines, line => line.Contains("equal"));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_VersionDifference_ReturnsProofLines()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.2.3-r0", "1.2.4-r0");
|
||||
|
||||
Assert.True(result.IsLessThan);
|
||||
Assert.NotEmpty(result.ProofLines);
|
||||
Assert.Contains(result.ProofLines, line =>
|
||||
line.Contains("Version") || line.Contains("older") || line.Contains("<"));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_PkgRelDifference_ReturnsProofWithPkgRel()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.2.3-r1", "1.2.3-r2");
|
||||
|
||||
Assert.True(result.IsLessThan);
|
||||
Assert.Contains(result.ProofLines, line => line.Contains("release") || line.Contains("-r"));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_ImplicitVsExplicitPkgRel_ReturnsProofExplaining()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.2.3", "1.2.3-r0");
|
||||
|
||||
Assert.True(result.IsLessThan);
|
||||
Assert.Contains(result.ProofLines, line => line.Contains("implicit") || line.Contains("explicit"));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_NewerVersion_ReturnsGreaterThanOrEqual()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.2.4-r0", "1.2.3-r0");
|
||||
|
||||
Assert.True(result.IsGreaterThan);
|
||||
Assert.True(result.IsGreaterThanOrEqual);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_InvalidVersions_FallsBackToStringComparison()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("", "");
|
||||
|
||||
Assert.Equal(0, result.Comparison);
|
||||
Assert.Contains(result.ProofLines, line =>
|
||||
line.Contains("invalid", StringComparison.OrdinalIgnoreCase) ||
|
||||
line.Contains("fallback", StringComparison.OrdinalIgnoreCase) ||
|
||||
line.Contains("equal", StringComparison.OrdinalIgnoreCase));
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void CompareWithProof_ReturnsCorrectComparatorType()
|
||||
{
|
||||
var result = ApkVersionComparer.Instance.CompareWithProof("1.0-r0", "1.0-r1");
|
||||
|
||||
Assert.Equal(ComparatorType.Apk, result.Comparator);
|
||||
}
|
||||
|
||||
#endregion
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user