{"@context":"https://spdx.org/rdf/3.0.1/spdx-context.jsonld","@graph":[{"type":"CreationInfo","@id":"_:CreationInfo0","created":"2008-07-05T17:32:48Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"CreationInfo","@id":"_:CreationInfo1","created":"2011-04-05T23:00:00Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"Organization","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"OpenEmbedded"},{"type":"Tool","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"oe-spdx-creator 1.0"},{"type":"SpdxDocument","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/document/package-zip-dev","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/doc/zip/package-zip-dev/zip/UNIHASH/document/package-zip-dev"}],"name":"package-zip-dev","profileConformance":["build","core","security","simpleLicensing","software"],"rootElement":["http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip-dev"]},{"type":"software_Package","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip-dev","creationInfo":"_:CreationInfo0","description":"Info-ZIP's purpose is to provide free, portable, high-quality versions of the Zip and UnZip compressor-archiver utilities that are compatible with the DOS-based PKZIP by PKWARE, Inc.  This package contains symbolic links, header files, and related items necessary for software development.","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a5b38809e4aeb022cb95bf139c306b09182b5e94c4fd91e531fd06b02f8c6985/zip/UNIHASH/package/zip-dev"}],"externalIdentifier":[{"type":"ExternalIdentifier","externalIdentifierType":"cpe23","identifier":"cpe:2.3:*:*:zip:3.0:*:*:*:*:*:*:*"}],"name":"zip-dev","summary":"Compressor/archiver for creating and modifying .zip files - Development files","software_primaryPurpose":"install","software_homePage":"http://www.info-zip.org","software_packageVersion":"3.0"},{"type":"LifecycleScopedRelationship","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/relationship/120e1a90d6973607b8cd76152999a0cd","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a5b38809e4aeb022cb95bf139c306b09182b5e94c4fd91e531fd06b02f8c6985/zip/UNIHASH/relationship/120e1a90d6973607b8cd76152999a0cd"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/4453e59c505a4d025a2baa0c9d7eaad19c8623e5c63d23a5cb93a01d853e6aa5/zip/UNIHASH/build/recipe","relationshipType":"hasOutput","to":["http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip-dev"],"scope":"build"},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/relationship/2107a3f9eab6f93463a8f90daa7a7338","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a5b38809e4aeb022cb95bf139c306b09182b5e94c4fd91e531fd06b02f8c6985/zip/UNIHASH/relationship/2107a3f9eab6f93463a8f90daa7a7338"}],"from":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip-dev","relationshipType":"hasAssociatedVulnerability","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/4453e59c505a4d025a2baa0c9d7eaad19c8623e5c63d23a5cb93a01d853e6aa5/zip/UNIHASH/vulnerability/CVE-2018-13410","http://spdxdocs.org/openembedded-alias/by-doc-hash/4453e59c505a4d025a2baa0c9d7eaad19c8623e5c63d23a5cb93a01d853e6aa5/zip/UNIHASH/vulnerability/CVE-2018-13684"]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/relationship/a092c8b4d3a5c3cf9c3bd0a9f372ac79","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a5b38809e4aeb022cb95bf139c306b09182b5e94c4fd91e531fd06b02f8c6985/zip/UNIHASH/relationship/a092c8b4d3a5c3cf9c3bd0a9f372ac79"}],"from":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip-dev","relationshipType":"hasDeclaredLicense","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/4453e59c505a4d025a2baa0c9d7eaad19c8623e5c63d23a5cb93a01d853e6aa5/zip/UNIHASH/license/3_27_0/Info-ZIP"]},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/vex-not-affected/8071cac321a1c0ba8bf4e8acb2b67ccb","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a5b38809e4aeb022cb95bf139c306b09182b5e94c4fd91e531fd06b02f8c6985/zip/UNIHASH/vex-not-affected/8071cac321a1c0ba8bf4e8acb2b67ccb"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/4453e59c505a4d025a2baa0c9d7eaad19c8623e5c63d23a5cb93a01d853e6aa5/zip/UNIHASH/vulnerability/CVE-2018-13410","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip-dev"],"security_vexVersion":"1.0.0","security_impactStatement":"Disputed and also Debian doesn't consider a vulnerability"},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/vex-not-affected/c74f18edf16cc05121093972941c3f97","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a5b38809e4aeb022cb95bf139c306b09182b5e94c4fd91e531fd06b02f8c6985/zip/UNIHASH/vex-not-affected/c74f18edf16cc05121093972941c3f97"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/4453e59c505a4d025a2baa0c9d7eaad19c8623e5c63d23a5cb93a01d853e6aa5/zip/UNIHASH/vulnerability/CVE-2018-13684","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip-dev"],"security_vexVersion":"1.0.0","security_impactStatement":"Not for zip but for smart contract implementation for it"}]}