{"@context":"https://spdx.org/rdf/3.0.1/spdx-context.jsonld","@graph":[{"type":"CreationInfo","@id":"_:CreationInfo0","created":"2011-04-05T23:00:00Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"CreationInfo","@id":"_:CreationInfo1","created":"2025-10-10T02:38:31Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"Organization","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"OpenEmbedded"},{"type":"Tool","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"oe-spdx-creator 1.0"},{"type":"SpdxDocument","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/document/package-openssh-misc","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/doc/openssh/package-openssh-misc/openssh/UNIHASH/document/package-openssh-misc"}],"name":"package-openssh-misc","profileConformance":["build","core","security","simpleLicensing","software"],"rootElement":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc"]},{"type":"software_Package","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc","creationInfo":"_:CreationInfo1","description":"Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine.","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/package/openssh-misc"}],"externalIdentifier":[{"type":"ExternalIdentifier","externalIdentifierType":"cpe23","identifier":"cpe:2.3:*:*:openssh:10.2p1:*:*:*:*:*:*:*"}],"name":"openssh-misc","summary":"A suite of security-related network utilities based on the SSH protocol including the ssh client and sshd server","software_primaryPurpose":"install","software_homePage":"http://www.openssh.com/","software_packageVersion":"10.2p1"},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/1","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/package/openssh-misc/file/1"}],"name":"usr/bin/ssh-add","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"44e748ee9a7cce86b84e44e212efe328cdf1c93fb630ba547f65d23011e92918"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/2","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/package/openssh-misc/file/2"}],"name":"usr/bin/ssh-agent","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"08eb58e34bad1ddc43154136f0c4ca0f808974d3471c1c36cebcf4f227a2b5d3"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/3","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/package/openssh-misc/file/3"}],"name":"usr/bin/ssh-copy-id","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"a331afd275d386fd1a699e42fa1514699cf86c744ef62df3e5240d89e1443650"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/4","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/package/openssh-misc/file/4"}],"name":"usr/bin/ssh-keyscan","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"ca30e0169852b8d125aeed9c0fa136495f0021549f418a9bb16c18c02dc556f9"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/5","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/package/openssh-misc/file/5"}],"name":"usr/libexec/ssh-keysign","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"17e2a8969950b02ba98738e84f288dcdbcd5548fc2c870c4c661320006e26af1"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/6","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/package/openssh-misc/file/6"}],"name":"usr/libexec/ssh-pkcs11-helper","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"a65fcbcc6c231ffff541166b176490bc07f9c28286271d083add14d29826bf9f"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/7","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/package/openssh-misc/file/7"}],"name":"usr/libexec/ssh-sk-helper","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"5f9bcefddffa822d3d091525c1c93cd7f29b50e20e43395faf0d3236cf4cbc23"}]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/relationship/284dcb17f5ef8336efb826cbbcdfa5c3","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/relationship/284dcb17f5ef8336efb826cbbcdfa5c3"}],"from":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc","relationshipType":"hasDeclaredLicense","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/license/3_27_0/BSD-2-Clause_AND_BSD-3-Clause_AND_ISC_AND_MIT"]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/relationship/3725ebc317aff0b8556ea0856fa972be","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/relationship/3725ebc317aff0b8556ea0856fa972be"}],"from":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc","relationshipType":"contains","to":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/1","http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/2","http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/3","http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/4","http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/5","http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/6","http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc/file/7"]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/relationship/76db2518ae18a42e5c673c4789d8888f","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/relationship/76db2518ae18a42e5c673c4789d8888f"}],"from":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc","relationshipType":"hasAssociatedVulnerability","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2007-2768","http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2008-3844","http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2014-9278","http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2023-51767"]},{"type":"LifecycleScopedRelationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/relationship/9c24a6678b200a75004ce7c41a5ae202","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/relationship/9c24a6678b200a75004ce7c41a5ae202"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/build/recipe","relationshipType":"hasOutput","to":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc"],"scope":"build"},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/vex-not-affected/09f739d1f1b8f2fa43283f8415b67e5e","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/vex-not-affected/09f739d1f1b8f2fa43283f8415b67e5e"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2023-51767","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc"],"security_vexVersion":"1.0.0","security_impactStatement":"It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1."},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/vex-not-affected/421e862b6fdeba01c43e0cdc468b79bc","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/vex-not-affected/421e862b6fdeba01c43e0cdc468b79bc"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2007-2768","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc"],"security_vexVersion":"1.0.0","security_impactStatement":"This CVE is specific to OpenSSH with the pam opie which we don't build/use here.","security_justificationType":"vulnerableCodeNotPresent"},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/vex-not-affected/bdfe3e69b1230d76341f8210cf70a2be","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/vex-not-affected/bdfe3e69b1230d76341f8210cf70a2be"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2014-9278","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc"],"security_vexVersion":"1.0.0","security_impactStatement":"This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment","security_justificationType":"vulnerableCodeNotPresent"},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/vex-not-affected/d856b3114178046c06e418bd4ba7c346","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/51549425873d913051e182748fd482b3f29e937246b4b4227c6f5afbc7de6a2a/openssh/UNIHASH/vex-not-affected/d856b3114178046c06e418bd4ba7c346"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/8c370fd04af5f1e4936bd291fc89feb1fc07b6e4e66866b5a606cebad1858dca/openssh/UNIHASH/vulnerability/CVE-2008-3844","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/openssh-b3654395-a76e-53f0-8712-cc47496f463e/cd92560be14c59b4cd3b85b4e68d2f35ac203d50767c6577c68ff32563e4bdd4/package/openssh-misc"],"security_vexVersion":"1.0.0","security_impactStatement":"Only applies to some distributed RHEL binaries.","security_justificationType":"vulnerableCodeNotPresent"}]}