{"@context":"https://spdx.org/rdf/3.0.1/spdx-context.jsonld","@graph":[{"type":"CreationInfo","@id":"_:CreationInfo0","created":"2011-04-05T23:00:00Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"CreationInfo","@id":"_:CreationInfo1","created":"2008-07-05T17:32:48Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"Organization","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"OpenEmbedded"},{"type":"Tool","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"oe-spdx-creator 1.0"},{"type":"SpdxDocument","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/document/package-zip","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/doc/zip/package-zip/zip/UNIHASH/document/package-zip"}],"name":"package-zip","profileConformance":["build","core","security","simpleLicensing","software"],"rootElement":["http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip"]},{"type":"software_Package","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip","creationInfo":"_:CreationInfo1","description":"Info-ZIP's purpose is to provide free, portable, high-quality versions of the Zip and UnZip compressor-archiver utilities that are compatible with the DOS-based PKZIP by PKWARE, Inc.","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/173f1b51a228be1db98403a472d8a8b65b1be19d3bf6aecc37ee63e4ad968b1e/zip/UNIHASH/package/zip"}],"externalIdentifier":[{"type":"ExternalIdentifier","externalIdentifierType":"cpe23","identifier":"cpe:2.3:*:*:zip:3.0:*:*:*:*:*:*:*"}],"name":"zip","summary":"Compressor/archiver for creating and modifying .zip files","software_primaryPurpose":"install","software_homePage":"http://www.info-zip.org","software_packageVersion":"3.0"},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip/file/1","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/173f1b51a228be1db98403a472d8a8b65b1be19d3bf6aecc37ee63e4ad968b1e/zip/UNIHASH/package/zip/file/1"}],"name":"usr/bin/zip","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"a1b9463155fed0c73e1f7a041aad887f1a930ebca50c582686827e0803e49e20"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip/file/2","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/173f1b51a228be1db98403a472d8a8b65b1be19d3bf6aecc37ee63e4ad968b1e/zip/UNIHASH/package/zip/file/2"}],"name":"usr/bin/zipcloak","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"4da5cc7aa0b6c3ed889aa0146c75c04308aeeef57432a5c0f9a9d4fa716b5043"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip/file/3","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/173f1b51a228be1db98403a472d8a8b65b1be19d3bf6aecc37ee63e4ad968b1e/zip/UNIHASH/package/zip/file/3"}],"name":"usr/bin/zipnote","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"776f5f95bb1c30b6337ec327170aa49c2b4129b59d9406462d5d02186d578d70"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip/file/4","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/173f1b51a228be1db98403a472d8a8b65b1be19d3bf6aecc37ee63e4ad968b1e/zip/UNIHASH/package/zip/file/4"}],"name":"usr/bin/zipsplit","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"9f243947ba95ef53a105a6ed06283e3781ee67443b488b9625ee4f37e9a8ab2c"}]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/relationship/3cb8d5d3b87c7c473b3af4826e9c81cf","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/173f1b51a228be1db98403a472d8a8b65b1be19d3bf6aecc37ee63e4ad968b1e/zip/UNIHASH/relationship/3cb8d5d3b87c7c473b3af4826e9c81cf"}],"from":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip","relationshipType":"hasDeclaredLicense","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/4453e59c505a4d025a2baa0c9d7eaad19c8623e5c63d23a5cb93a01d853e6aa5/zip/UNIHASH/license/3_27_0/Info-ZIP"]},{"type":"LifecycleScopedRelationship","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/relationship/65b0838e160305d78f3b029cdd14c501","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/173f1b51a228be1db98403a472d8a8b65b1be19d3bf6aecc37ee63e4ad968b1e/zip/UNIHASH/relationship/65b0838e160305d78f3b029cdd14c501"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/4453e59c505a4d025a2baa0c9d7eaad19c8623e5c63d23a5cb93a01d853e6aa5/zip/UNIHASH/build/recipe","relationshipType":"hasOutput","to":["http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip"],"scope":"build"},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/relationship/81a4b230a124b3faf0d84c31680e9ac2","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/173f1b51a228be1db98403a472d8a8b65b1be19d3bf6aecc37ee63e4ad968b1e/zip/UNIHASH/relationship/81a4b230a124b3faf0d84c31680e9ac2"}],"from":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip","relationshipType":"hasAssociatedVulnerability","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/4453e59c505a4d025a2baa0c9d7eaad19c8623e5c63d23a5cb93a01d853e6aa5/zip/UNIHASH/vulnerability/CVE-2018-13410","http://spdxdocs.org/openembedded-alias/by-doc-hash/4453e59c505a4d025a2baa0c9d7eaad19c8623e5c63d23a5cb93a01d853e6aa5/zip/UNIHASH/vulnerability/CVE-2018-13684"]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/relationship/aa6384437ad9c0b0979c23e3918e8583","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/173f1b51a228be1db98403a472d8a8b65b1be19d3bf6aecc37ee63e4ad968b1e/zip/UNIHASH/relationship/aa6384437ad9c0b0979c23e3918e8583"}],"from":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip","relationshipType":"contains","to":["http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip/file/1","http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip/file/2","http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip/file/3","http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip/file/4"]},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/vex-not-affected/2828c6efb55a4d580916a0b2a7c534d0","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/173f1b51a228be1db98403a472d8a8b65b1be19d3bf6aecc37ee63e4ad968b1e/zip/UNIHASH/vex-not-affected/2828c6efb55a4d580916a0b2a7c534d0"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/4453e59c505a4d025a2baa0c9d7eaad19c8623e5c63d23a5cb93a01d853e6aa5/zip/UNIHASH/vulnerability/CVE-2018-13410","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip"],"security_vexVersion":"1.0.0","security_impactStatement":"Disputed and also Debian doesn't consider a vulnerability"},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/vex-not-affected/2ae8899cb358d97e4d76e6d0c55db59f","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/173f1b51a228be1db98403a472d8a8b65b1be19d3bf6aecc37ee63e4ad968b1e/zip/UNIHASH/vex-not-affected/2ae8899cb358d97e4d76e6d0c55db59f"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/4453e59c505a4d025a2baa0c9d7eaad19c8623e5c63d23a5cb93a01d853e6aa5/zip/UNIHASH/vulnerability/CVE-2018-13684","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/zip-eedaa063-acd7-5ef9-b381-c604a2933775/17faf6511b491886f29a23d3f2327888196359e73fa95c3f4b6973136413bc1a/package/zip"],"security_vexVersion":"1.0.0","security_impactStatement":"Not for zip but for smart contract implementation for it"}]}