{ "manifestVersion": "1.0.0", "corpusId": "golden-corpus-seed-v1", "createdAt": "2026-01-21T00:00:00Z", "description": "Golden corpus seed list for patch-paired artifact validation", "selectionCriteria": { "primaryAdvisory": true, "patchPairedAvailable": true, "permissiveLicense": true, "reproducibleBuild": "preferred" }, "targets": [ { "id": "debian-zlib-DSA-5218-1", "package": "zlib1g", "distro": "debian", "advisory": "DSA-5218-1", "cves": ["CVE-2022-37434"], "vulnerableVersion": "1:1.2.11.dfsg-2+deb11u1", "fixedVersion": "1:1.2.11.dfsg-2+deb11u2", "license": "zlib", "licenseVerified": true, "status": "verified" }, { "id": "debian-curl-DSA-5587-1", "package": "curl", "distro": "debian", "advisory": "DSA-5587-1", "cves": ["CVE-2023-46218", "CVE-2023-46219"], "vulnerableVersion": "7.88.1-10+deb12u4", "fixedVersion": "7.88.1-10+deb12u5", "license": "curl", "licenseVerified": true, "status": "verified" }, { "id": "debian-libxml2-DSA-5391-1", "package": "libxml2", "distro": "debian", "advisory": "DSA-5391-1", "cves": ["CVE-2023-28484", "CVE-2023-29469"], "vulnerableVersion": "2.9.14+dfsg-1.2", "fixedVersion": "2.9.14+dfsg-1.3~deb12u1", "license": "MIT", "licenseVerified": true, "status": "verified" }, { "id": "debian-openssl-DSA-5532-1", "package": "openssl", "distro": "debian", "advisory": "DSA-5532-1", "cves": ["CVE-2023-5363"], "vulnerableVersion": "3.0.11-1~deb12u1", "fixedVersion": "3.0.11-1~deb12u2", "license": "Apache-2.0", "licenseVerified": true, "status": "verified" }, { "id": "debian-sqlite3-DSA-5466-1", "package": "sqlite3", "distro": "debian", "advisory": "DSA-5466-1", "cves": ["CVE-2023-7104"], "vulnerableVersion": "3.40.1-1", "fixedVersion": "3.40.1-2", "license": "Public Domain", "licenseVerified": true, "status": "verified" }, { "id": "debian-expat-DSA-5085-1", "package": "expat", "distro": "debian", "advisory": "DSA-5085-1", "cves": ["CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-25315"], "vulnerableVersion": "2.4.1-3", "fixedVersion": "2.4.1-3+deb11u1", "license": "MIT", "licenseVerified": true, "status": "verified" }, { "id": "debian-tiff-DSA-5361-1", "package": "tiff", "distro": "debian", "advisory": "DSA-5361-1", "cves": ["CVE-2022-48281"], "vulnerableVersion": "4.5.0-5", "fixedVersion": "4.5.0-6", "license": "libtiff", "licenseVerified": true, "status": "verified" }, { "id": "debian-libpng1.6-DSA-5607-1", "package": "libpng1.6", "distro": "debian", "advisory": "DSA-5607-1", "cves": ["CVE-2024-25062"], "vulnerableVersion": "1.6.39-2", "fixedVersion": "1.6.39-2+deb12u1", "license": "libpng", "licenseVerified": true, "status": "pending-verification" }, { "id": "alpine-busybox-CVE-2022-28391", "package": "busybox", "distro": "alpine", "advisory": "secdb main/busybox", "cves": ["CVE-2022-28391"], "vulnerableVersion": "1.35.0-r13", "fixedVersion": "1.35.0-r14", "license": "GPL-2.0", "licenseVerified": false, "status": "license-review-required", "notes": "GPL license requires separate handling for redistribution" }, { "id": "alpine-apk-tools-CVE-2021-36159", "package": "apk-tools", "distro": "alpine", "advisory": "secdb main/apk-tools", "cves": ["CVE-2021-36159"], "vulnerableVersion": "2.12.6-r0", "fixedVersion": "2.12.7-r0", "license": "GPL-2.0", "licenseVerified": false, "status": "license-review-required", "notes": "GPL license requires separate handling for redistribution" } ], "statistics": { "totalTargets": 10, "debianTargets": 8, "alpineTargets": 2, "verifiedLicenses": 7, "pendingLicenseReview": 2, "totalCves": 15 } }