# Golden Security Pairs Index # 16 curated pairs per VALH-009 requirements # Format: OpenSSL (8), zlib (4), libxml2 (4) pairs: # OpenSSL: 2 CVE micro-bumps × 4 distros = 8 pairs - id: openssl-001 cve: CVE-2024-0727 library: openssl version_before: "3.0.12" version_after: "3.0.13" distribution: ubuntu:jammy architecture: amd64 affected_functions: - PKCS12_parse - PKCS12_verify_mac patch_type: security_fix - id: openssl-002 cve: CVE-2024-0727 library: openssl version_before: "3.0.12" version_after: "3.0.13" distribution: debian:bookworm architecture: amd64 affected_functions: - PKCS12_parse - PKCS12_verify_mac patch_type: security_fix - id: openssl-003 cve: CVE-2024-0727 library: openssl version_before: "3.0.12" version_after: "3.0.13" distribution: fedora:39 architecture: amd64 affected_functions: - PKCS12_parse - PKCS12_verify_mac patch_type: security_fix - id: openssl-004 cve: CVE-2024-0727 library: openssl version_before: "3.0.12" version_after: "3.0.13" distribution: alpine:3.19 architecture: amd64 affected_functions: - PKCS12_parse - PKCS12_verify_mac patch_type: security_fix - id: openssl-005 cve: CVE-2023-5678 library: openssl version_before: "3.0.11" version_after: "3.0.12" distribution: ubuntu:jammy architecture: amd64 affected_functions: - DH_generate_key - DH_check_ex patch_type: security_fix - id: openssl-006 cve: CVE-2023-5678 library: openssl version_before: "3.0.11" version_after: "3.0.12" distribution: debian:bookworm architecture: amd64 affected_functions: - DH_generate_key - DH_check_ex patch_type: security_fix - id: openssl-007 cve: CVE-2023-5678 library: openssl version_before: "3.0.11" version_after: "3.0.12" distribution: fedora:39 architecture: amd64 affected_functions: - DH_generate_key - DH_check_ex patch_type: security_fix - id: openssl-008 cve: CVE-2023-5678 library: openssl version_before: "3.0.11" version_after: "3.0.12" distribution: alpine:3.19 architecture: amd64 affected_functions: - DH_generate_key - DH_check_ex patch_type: security_fix # zlib: 1 minor security patch × 4 distros = 4 pairs - id: zlib-001 cve: CVE-2023-45853 library: zlib version_before: "1.2.13" version_after: "1.3" distribution: ubuntu:jammy architecture: amd64 affected_functions: - deflate - deflateEnd - inflateSync patch_type: security_fix - id: zlib-002 cve: CVE-2023-45853 library: zlib version_before: "1.2.13" version_after: "1.3" distribution: debian:bookworm architecture: amd64 affected_functions: - deflate - deflateEnd - inflateSync patch_type: security_fix - id: zlib-003 cve: CVE-2023-45853 library: zlib version_before: "1.2.13" version_after: "1.3" distribution: fedora:39 architecture: amd64 affected_functions: - deflate - deflateEnd - inflateSync patch_type: security_fix - id: zlib-004 cve: CVE-2023-45853 library: zlib version_before: "1.2.13" version_after: "1.3" distribution: alpine:3.19 architecture: amd64 affected_functions: - deflate - deflateEnd - inflateSync patch_type: security_fix # libxml2: 1 parser bugfix × 4 distros = 4 pairs - id: libxml2-001 cve: CVE-2024-25062 library: libxml2 version_before: "2.12.3" version_after: "2.12.4" distribution: ubuntu:jammy architecture: amd64 affected_functions: - xmlParseChunk - xmlParseDocument - xmlCtxtReadMemory patch_type: parser_fix - id: libxml2-002 cve: CVE-2024-25062 library: libxml2 version_before: "2.12.3" version_after: "2.12.4" distribution: debian:bookworm architecture: amd64 affected_functions: - xmlParseChunk - xmlParseDocument - xmlCtxtReadMemory patch_type: parser_fix - id: libxml2-003 cve: CVE-2024-25062 library: libxml2 version_before: "2.12.3" version_after: "2.12.4" distribution: fedora:39 architecture: amd64 affected_functions: - xmlParseChunk - xmlParseDocument - xmlCtxtReadMemory patch_type: parser_fix - id: libxml2-004 cve: CVE-2024-25062 library: libxml2 version_before: "2.12.3" version_after: "2.12.4" distribution: alpine:3.19 architecture: amd64 affected_functions: - xmlParseChunk - xmlParseDocument - xmlCtxtReadMemory patch_type: parser_fix metadata: version: "1.0" created: "2026-01-19" description: "Starter corpus with 16 security pairs for validation harness (VALH-009)" coverage: openssl: 8 zlib: 4 libxml2: 4 total: 16