{"@context":"https://spdx.org/rdf/3.0.1/spdx-context.jsonld","@graph":[{"type":"CreationInfo","@id":"_:CreationInfo0","created":"2025-04-09T11:13:34Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"CreationInfo","@id":"_:CreationInfo1","created":"2011-04-05T23:00:00Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"Organization","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"OpenEmbedded"},{"type":"Tool","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"oe-spdx-creator 1.0"},{"type":"SpdxDocument","spdxId":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/document/package-coreutils-stdbuf","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/doc/coreutils/package-coreutils-stdbuf/coreutils/UNIHASH/document/package-coreutils-stdbuf","https://rdf.openembedded.org/spdx/3.0/link-name":"fd942440ae8f126a02de5ea86718f85558724693309e243ae005628806035060"}],"name":"package-coreutils-stdbuf","profileConformance":["build","core","security","simpleLicensing","software"],"rootElement":["http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/package/coreutils-stdbuf"]},{"type":"software_Package","spdxId":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/package/coreutils-stdbuf","creationInfo":"_:CreationInfo0","description":"The GNU Core Utilities provide the basic file, shell and text manipulation utilities. These are the core utilities which are expected to exist on every system.","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/fd942440ae8f126a02de5ea86718f85558724693309e243ae005628806035060/coreutils/UNIHASH/package/coreutils-stdbuf"}],"externalIdentifier":[{"type":"ExternalIdentifier","externalIdentifierType":"cpe23","identifier":"cpe:2.3:*:*:coreutils:9.7:*:*:*:*:*:*:*"}],"name":"coreutils-stdbuf","summary":"The basic file, shell and text manipulation utilities","software_primaryPurpose":"install","software_homePage":"http://www.gnu.org/software/coreutils/","software_packageVersion":"9.7"},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/package/coreutils-stdbuf/file/1","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/fd942440ae8f126a02de5ea86718f85558724693309e243ae005628806035060/coreutils/UNIHASH/package/coreutils-stdbuf/file/1"}],"name":"usr/bin/stdbuf","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"8da672a060e57347d3146524dc2593d6dc9b3914cba7c41f8f58d12a7fca5cc6"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/package/coreutils-stdbuf/file/2","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/fd942440ae8f126a02de5ea86718f85558724693309e243ae005628806035060/coreutils/UNIHASH/package/coreutils-stdbuf/file/2"}],"name":"usr/lib/coreutils/libstdbuf.so","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"233de0cf8b03acf0dfdd99f0a3ebf95052bd7274124a9f3f553c999a25b61df4"}]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/relationship/12b5fa76a6f330ae5ae9b92f09a3753e","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/fd942440ae8f126a02de5ea86718f85558724693309e243ae005628806035060/coreutils/UNIHASH/relationship/12b5fa76a6f330ae5ae9b92f09a3753e"}],"from":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/package/coreutils-stdbuf","relationshipType":"hasAssociatedVulnerability","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/5e08f180a9050a2bdcba5c46367dd20e5ae76615586b60a960441bd50660f0ca/coreutils/UNIHASH/vulnerability/CVE-2016-2781","http://spdxdocs.org/openembedded-alias/by-doc-hash/5e08f180a9050a2bdcba5c46367dd20e5ae76615586b60a960441bd50660f0ca/coreutils/UNIHASH/vulnerability/CVE-2025-5278"]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/relationship/5d9c81168ff9d7a42f54a7c6da12b224","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/fd942440ae8f126a02de5ea86718f85558724693309e243ae005628806035060/coreutils/UNIHASH/relationship/5d9c81168ff9d7a42f54a7c6da12b224"}],"from":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/package/coreutils-stdbuf","relationshipType":"hasDeclaredLicense","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/5e08f180a9050a2bdcba5c46367dd20e5ae76615586b60a960441bd50660f0ca/coreutils/UNIHASH/license/3_27_0/GPL-3_0-or-later"]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/relationship/719e747ac1c029143383da275bf478e4","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/fd942440ae8f126a02de5ea86718f85558724693309e243ae005628806035060/coreutils/UNIHASH/relationship/719e747ac1c029143383da275bf478e4"}],"from":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/package/coreutils-stdbuf","relationshipType":"contains","to":["http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/package/coreutils-stdbuf/file/1","http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/package/coreutils-stdbuf/file/2"]},{"type":"LifecycleScopedRelationship","spdxId":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/relationship/a62570f9036afa1b81080986b4c0fbbe","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/fd942440ae8f126a02de5ea86718f85558724693309e243ae005628806035060/coreutils/UNIHASH/relationship/a62570f9036afa1b81080986b4c0fbbe"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/5e08f180a9050a2bdcba5c46367dd20e5ae76615586b60a960441bd50660f0ca/coreutils/UNIHASH/build/recipe","relationshipType":"hasOutput","to":["http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/package/coreutils-stdbuf"],"scope":"build"},{"type":"security_VexFixedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/vex-fixed/54da5a076de0f5184bc695e4c502f42e","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/fd942440ae8f126a02de5ea86718f85558724693309e243ae005628806035060/coreutils/UNIHASH/vex-fixed/54da5a076de0f5184bc695e4c502f42e"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/5e08f180a9050a2bdcba5c46367dd20e5ae76615586b60a960441bd50660f0ca/coreutils/UNIHASH/vulnerability/CVE-2025-5278","relationshipType":"fixedIn","to":["http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/package/coreutils-stdbuf"],"security_vexVersion":"1.0.0"},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/vex-not-affected/46ad9aab74d16ffbfe8ae1da547397aa","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/fd942440ae8f126a02de5ea86718f85558724693309e243ae005628806035060/coreutils/UNIHASH/vex-not-affected/46ad9aab74d16ffbfe8ae1da547397aa"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/5e08f180a9050a2bdcba5c46367dd20e5ae76615586b60a960441bd50660f0ca/coreutils/UNIHASH/vulnerability/CVE-2016-2781","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/coreutils-31f3ba4d-00f2-59bc-9d87-40a89376a138/cf19239f93e37670249b75ba6e6023070e36ab2da287bc8515af53dea247f9d5/package/coreutils-stdbuf"],"security_vexVersion":"1.0.0","security_impactStatement":"runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue."}]}