{"@context":"https://spdx.org/rdf/3.0.1/spdx-context.jsonld","@graph":[{"type":"CreationInfo","@id":"_:CreationInfo0","created":"2011-04-05T23:00:00Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"CreationInfo","@id":"_:CreationInfo1","created":"2025-06-24T20:32:27Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"Organization","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"OpenEmbedded"},{"type":"Tool","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"oe-spdx-creator 1.0"},{"type":"SpdxDocument","spdxId":"http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/document/package-shadow-dev","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/doc/shadow/package-shadow-dev/shadow/UNIHASH/document/package-shadow-dev"}],"name":"package-shadow-dev","profileConformance":["build","core","security","simpleLicensing","software"],"rootElement":["http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/package/shadow-dev"]},{"type":"software_Package","spdxId":"http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/package/shadow-dev","creationInfo":"_:CreationInfo1","description":"Tools to change and administer password and group data  This package contains symbolic links, header files, and related items necessary for software development.","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/36a09b6479fd2bfa95318f3e5c1f7f5a919827f7195a6f5b0023b43ea82c82b3/shadow/UNIHASH/package/shadow-dev"}],"externalIdentifier":[{"type":"ExternalIdentifier","externalIdentifierType":"cpe23","identifier":"cpe:2.3:*:*:shadow:4.18.0:*:*:*:*:*:*:*"}],"name":"shadow-dev","summary":"Tools to change and administer password and group data - Development files","software_primaryPurpose":"install","software_homePage":"http://github.com/shadow-maint/shadow","software_packageVersion":"4.18.0"},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/package/shadow-dev/file/1","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/36a09b6479fd2bfa95318f3e5c1f7f5a919827f7195a6f5b0023b43ea82c82b3/shadow/UNIHASH/package/shadow-dev/file/1"}],"name":"usr/include/shadow/subid.h","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"ac4d4f100248c45ac7ac639e2dc54da3b10455b9bd43ed6cc33e5c0e4fb975b4"}]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/relationship/31d35694229e1b3818a0c869fce03ba6","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/36a09b6479fd2bfa95318f3e5c1f7f5a919827f7195a6f5b0023b43ea82c82b3/shadow/UNIHASH/relationship/31d35694229e1b3818a0c869fce03ba6"}],"from":"http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/package/shadow-dev","relationshipType":"hasAssociatedVulnerability","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/cc72db638e3f8e283e722af0ecc77d19f93cc6736700ee76477e3773b6b07b05/shadow/UNIHASH/vulnerability/CVE-2013-4235"]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/relationship/43c6cfca1e5f4704d01ccddc7c8e59ab","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/36a09b6479fd2bfa95318f3e5c1f7f5a919827f7195a6f5b0023b43ea82c82b3/shadow/UNIHASH/relationship/43c6cfca1e5f4704d01ccddc7c8e59ab"}],"from":"http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/package/shadow-dev","relationshipType":"contains","to":["http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/package/shadow-dev/file/1"]},{"type":"LifecycleScopedRelationship","spdxId":"http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/relationship/859e809226258ac4400bfe31b5ccf92b","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/36a09b6479fd2bfa95318f3e5c1f7f5a919827f7195a6f5b0023b43ea82c82b3/shadow/UNIHASH/relationship/859e809226258ac4400bfe31b5ccf92b"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/cc72db638e3f8e283e722af0ecc77d19f93cc6736700ee76477e3773b6b07b05/shadow/UNIHASH/build/recipe","relationshipType":"hasOutput","to":["http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/package/shadow-dev"],"scope":"build"},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/relationship/c6d4248b175f3ffb4b35bee5a52057b8","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/36a09b6479fd2bfa95318f3e5c1f7f5a919827f7195a6f5b0023b43ea82c82b3/shadow/UNIHASH/relationship/c6d4248b175f3ffb4b35bee5a52057b8"}],"from":"http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/package/shadow-dev","relationshipType":"hasDeclaredLicense","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/cc72db638e3f8e283e722af0ecc77d19f93cc6736700ee76477e3773b6b07b05/shadow/UNIHASH/license/3_27_0/BSD-3-Clause"]},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/vex-not-affected/5b071e0fdea5743b2f6723b9bab0e62a","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/36a09b6479fd2bfa95318f3e5c1f7f5a919827f7195a6f5b0023b43ea82c82b3/shadow/UNIHASH/vex-not-affected/5b071e0fdea5743b2f6723b9bab0e62a"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/cc72db638e3f8e283e722af0ecc77d19f93cc6736700ee76477e3773b6b07b05/shadow/UNIHASH/vulnerability/CVE-2013-4235","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/shadow-10e66933-65cf-5a2d-9a1d-99b12a405441/f355bc089516c096cdd2f3a9e5f434e3df30585b6954c1216110610a7535ba7d/package/shadow-dev"],"security_vexVersion":"1.0.0","security_impactStatement":"Severity is low and marked as closed and won't fix."}]}