{"@context":"https://spdx.org/rdf/3.0.1/spdx-context.jsonld","@graph":[{"type":"CreationInfo","@id":"_:CreationInfo0","created":"2011-04-05T23:00:00Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"CreationInfo","@id":"_:CreationInfo1","created":"2025-10-10T02:38:31Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"Organization","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"OpenEmbedded"},{"type":"Tool","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"oe-spdx-creator 1.0"},{"type":"SpdxDocument","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/document/package-openssh-keygen","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/doc/openssh/package-openssh-keygen/openssh/UNIHASH/document/package-openssh-keygen"}],"name":"package-openssh-keygen","profileConformance":["build","core","security","simpleLicensing","software"],"rootElement":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-keygen"]},{"type":"software_Package","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-keygen","creationInfo":"_:CreationInfo1","description":"Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine.","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/73c598e7b9681296ec0f3f2506dc64400a9f5ad0a5a29562e1117788ed9be0c1/openssh/UNIHASH/package/openssh-keygen"}],"externalIdentifier":[{"type":"ExternalIdentifier","externalIdentifierType":"cpe23","identifier":"cpe:2.3:*:*:openssh:10.2p1:*:*:*:*:*:*:*"}],"name":"openssh-keygen","summary":"A suite of security-related network utilities based on the SSH protocol including the ssh client and sshd server","software_primaryPurpose":"install","software_homePage":"http://www.openssh.com/","software_packageVersion":"10.2p1"},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-keygen/file/1","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/73c598e7b9681296ec0f3f2506dc64400a9f5ad0a5a29562e1117788ed9be0c1/openssh/UNIHASH/package/openssh-keygen/file/1"}],"name":"usr/bin/ssh-keygen","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"95dde7895f5f1819e1c3e20ddc87e60407c38696ca25ac2dd2a051ccaec7e30e"}]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/relationship/0564fddd769acbb3eb041fb7008feeac","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/73c598e7b9681296ec0f3f2506dc64400a9f5ad0a5a29562e1117788ed9be0c1/openssh/UNIHASH/relationship/0564fddd769acbb3eb041fb7008feeac"}],"from":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-keygen","relationshipType":"hasDeclaredLicense","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/license/3_27_0/BSD-2-Clause_AND_BSD-3-Clause_AND_ISC_AND_MIT"]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/relationship/4cff8b2d8c3bafa1e6c19fea8a44c70a","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/73c598e7b9681296ec0f3f2506dc64400a9f5ad0a5a29562e1117788ed9be0c1/openssh/UNIHASH/relationship/4cff8b2d8c3bafa1e6c19fea8a44c70a"}],"from":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-keygen","relationshipType":"hasAssociatedVulnerability","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2007-2768","http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2008-3844","http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2014-9278","http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2023-51767"]},{"type":"LifecycleScopedRelationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/relationship/89c61d40d714ab426118579a89290b77","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/73c598e7b9681296ec0f3f2506dc64400a9f5ad0a5a29562e1117788ed9be0c1/openssh/UNIHASH/relationship/89c61d40d714ab426118579a89290b77"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/build/recipe","relationshipType":"hasOutput","to":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-keygen"],"scope":"build"},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/relationship/ea24591ffb2f1b4145361aad0db9013b","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/73c598e7b9681296ec0f3f2506dc64400a9f5ad0a5a29562e1117788ed9be0c1/openssh/UNIHASH/relationship/ea24591ffb2f1b4145361aad0db9013b"}],"from":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-keygen","relationshipType":"contains","to":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-keygen/file/1"]},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/vex-not-affected/2e2799015bc90a7c3ab8b3614733c033","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/73c598e7b9681296ec0f3f2506dc64400a9f5ad0a5a29562e1117788ed9be0c1/openssh/UNIHASH/vex-not-affected/2e2799015bc90a7c3ab8b3614733c033"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2023-51767","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-keygen"],"security_vexVersion":"1.0.0","security_impactStatement":"It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1."},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/vex-not-affected/ca561b7cccee2b554df3204e38d32868","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/73c598e7b9681296ec0f3f2506dc64400a9f5ad0a5a29562e1117788ed9be0c1/openssh/UNIHASH/vex-not-affected/ca561b7cccee2b554df3204e38d32868"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2008-3844","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-keygen"],"security_vexVersion":"1.0.0","security_impactStatement":"Only applies to some distributed RHEL binaries.","security_justificationType":"vulnerableCodeNotPresent"},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/vex-not-affected/dd943dce9b9f778aaca459f0a26a35f0","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/73c598e7b9681296ec0f3f2506dc64400a9f5ad0a5a29562e1117788ed9be0c1/openssh/UNIHASH/vex-not-affected/dd943dce9b9f778aaca459f0a26a35f0"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2014-9278","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-keygen"],"security_vexVersion":"1.0.0","security_impactStatement":"This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment","security_justificationType":"vulnerableCodeNotPresent"},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/vex-not-affected/e03ef18aa9d52093dfc9ad9fda4114de","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/73c598e7b9681296ec0f3f2506dc64400a9f5ad0a5a29562e1117788ed9be0c1/openssh/UNIHASH/vex-not-affected/e03ef18aa9d52093dfc9ad9fda4114de"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2007-2768","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-keygen"],"security_vexVersion":"1.0.0","security_impactStatement":"This CVE is specific to OpenSSH with the pam opie which we don't build/use here.","security_justificationType":"vulnerableCodeNotPresent"}]}