{"@context":"https://spdx.org/rdf/3.0.1/spdx-context.jsonld","@graph":[{"type":"CreationInfo","@id":"_:CreationInfo0","created":"2011-04-05T23:00:00Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"CreationInfo","@id":"_:CreationInfo1","created":"2026-01-24T12:25:07Z","createdBy":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded"],"createdUsing":["http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0"],"specVersion":"3.0.1"},{"type":"Organization","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/agent/OpenEmbedded","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"OpenEmbedded"},{"type":"Tool","spdxId":"http://spdx.org/spdxdocs/bitbake-addba517-4804-5ae3-87c2-0c3a1a5812ba/bitbake/tool/oe-spdx-creator_1_0","creationInfo":"_:CreationInfo0","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias"}],"name":"oe-spdx-creator 1.0"},{"type":"SpdxDocument","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/document/package-nativesdk-libnss-db2","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/doc/nativesdk-glibc/package-nativesdk-libnss-db2/nativesdk-glibc/UNIHASH/document/package-nativesdk-libnss-db2","https://rdf.openembedded.org/spdx/3.0/link-name":"a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f"}],"name":"package-nativesdk-libnss-db2","profileConformance":["build","core","security","simpleLicensing","software"],"rootElement":["http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2"]},{"type":"software_Package","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2","creationInfo":"_:CreationInfo1","description":"The GNU C Library is used as the system C library in most systems with the Linux kernel.","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f/nativesdk-glibc/UNIHASH/package/nativesdk-libnss-db2"}],"externalIdentifier":[{"type":"ExternalIdentifier","externalIdentifierType":"cpe23","identifier":"cpe:2.3:*:*:glibc:2.42:*:*:*:*:*:*:*"}],"name":"nativesdk-libnss-db2","summary":"GLIBC (GNU C Library)","software_primaryPurpose":"install","software_homePage":"http://www.gnu.org/software/libc/libc.html","software_packageVersion":"2.42+git"},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2/file/1","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f/nativesdk-glibc/UNIHASH/package/nativesdk-libnss-db2/file/1"}],"name":"usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-tdxsdk-linux/lib/libnss_db.so.2","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"9a75e0b0fcd03fe0f5bbd7e639c1414bd31a60cf2f7c1f65bb8ee484f851db8a"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2/file/2","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f/nativesdk-glibc/UNIHASH/package/nativesdk-libnss-db2/file/2"}],"name":"usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-tdxsdk-linux/var/db/Makefile","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"e53451104e8e6f928c21e2c288d45d2b2f2bb301c044cf7ad284c81fa2875575"}]},{"type":"software_File","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2/file/3","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f/nativesdk-glibc/UNIHASH/package/nativesdk-libnss-db2/file/3"}],"name":"usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-tdxsdk-linux/var/db/makedbs.sh","verifiedUsing":[{"type":"Hash","algorithm":"sha256","hashValue":"f2733e1ddaab760c64aa4ce44858ca4e1d2a7931b950331ef1132f48f2a42360"}]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/relationship/4a8b4d32eb54d6cf8d4836fdb8bf2f21","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f/nativesdk-glibc/UNIHASH/relationship/4a8b4d32eb54d6cf8d4836fdb8bf2f21"}],"from":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2","relationshipType":"contains","to":["http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2/file/1","http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2/file/2","http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2/file/3"]},{"type":"LifecycleScopedRelationship","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/relationship/6268eb03ac4daef5a7e9f2224f90032d","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f/nativesdk-glibc/UNIHASH/relationship/6268eb03ac4daef5a7e9f2224f90032d"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/ec95d1050dd09a8f8a75494b81742fe37717b475d9c126ce57fe8557b98d5881/nativesdk-glibc/UNIHASH/build/recipe","relationshipType":"hasOutput","to":["http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2"],"scope":"build"},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/relationship/e6fbd98d960c798ffadc6db0b7126883","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f/nativesdk-glibc/UNIHASH/relationship/e6fbd98d960c798ffadc6db0b7126883"}],"from":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2","relationshipType":"hasDeclaredLicense","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/ec95d1050dd09a8f8a75494b81742fe37717b475d9c126ce57fe8557b98d5881/nativesdk-glibc/UNIHASH/license/3_27_0/GPL-2_0-only_AND_LGPL-2_1-or-later"]},{"type":"Relationship","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/relationship/f8d4e78973a50d9c705a5768d8a6d065","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f/nativesdk-glibc/UNIHASH/relationship/f8d4e78973a50d9c705a5768d8a6d065"}],"from":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2","relationshipType":"hasAssociatedVulnerability","to":["http://spdxdocs.org/openembedded-alias/by-doc-hash/ec95d1050dd09a8f8a75494b81742fe37717b475d9c126ce57fe8557b98d5881/nativesdk-glibc/UNIHASH/vulnerability/CVE-2019-1010022","http://spdxdocs.org/openembedded-alias/by-doc-hash/ec95d1050dd09a8f8a75494b81742fe37717b475d9c126ce57fe8557b98d5881/nativesdk-glibc/UNIHASH/vulnerability/CVE-2019-1010023","http://spdxdocs.org/openembedded-alias/by-doc-hash/ec95d1050dd09a8f8a75494b81742fe37717b475d9c126ce57fe8557b98d5881/nativesdk-glibc/UNIHASH/vulnerability/CVE-2019-1010024","http://spdxdocs.org/openembedded-alias/by-doc-hash/ec95d1050dd09a8f8a75494b81742fe37717b475d9c126ce57fe8557b98d5881/nativesdk-glibc/UNIHASH/vulnerability/CVE-2019-1010025"]},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/vex-not-affected/1e8388c3aedaedb6c8490d1779861894","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f/nativesdk-glibc/UNIHASH/vex-not-affected/1e8388c3aedaedb6c8490d1779861894"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/ec95d1050dd09a8f8a75494b81742fe37717b475d9c126ce57fe8557b98d5881/nativesdk-glibc/UNIHASH/vulnerability/CVE-2019-1010022","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2"],"security_vexVersion":"1.0.0","security_impactStatement":"Upstream glibc maintainers dispute there is any issue and have no plans to address it further. this is being treated as a non-security bug and no real threat."},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/vex-not-affected/71694ba005a4aa0bf107fcd0794a9b2d","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f/nativesdk-glibc/UNIHASH/vex-not-affected/71694ba005a4aa0bf107fcd0794a9b2d"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/ec95d1050dd09a8f8a75494b81742fe37717b475d9c126ce57fe8557b98d5881/nativesdk-glibc/UNIHASH/vulnerability/CVE-2019-1010024","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2"],"security_vexVersion":"1.0.0","security_impactStatement":"Upstream glibc maintainers dispute there is any issue and have no plans to address it further. this is being treated as a non-security bug and no real threat."},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/vex-not-affected/8e6b3cae69c248c4c3a0fb814c3b9abd","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f/nativesdk-glibc/UNIHASH/vex-not-affected/8e6b3cae69c248c4c3a0fb814c3b9abd"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/ec95d1050dd09a8f8a75494b81742fe37717b475d9c126ce57fe8557b98d5881/nativesdk-glibc/UNIHASH/vulnerability/CVE-2019-1010025","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2"],"security_vexVersion":"1.0.0","security_impactStatement":"Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow easier access for another. 'ASLR bypass itself is not a vulnerability.'"},{"type":"security_VexNotAffectedVulnAssessmentRelationship","spdxId":"http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/vex-not-affected/c57cf11c00c7ebfac90185df1c16d4bd","creationInfo":"_:CreationInfo1","extension":[{"type":"https://rdf.openembedded.org/spdx/3.0/id-alias","https://rdf.openembedded.org/spdx/3.0/alias":"http://spdxdocs.org/openembedded-alias/by-doc-hash/a4c2589117726efdf5d2176424a4a0ef79978450d715bb60bf7fac9dfdb8aa9f/nativesdk-glibc/UNIHASH/vex-not-affected/c57cf11c00c7ebfac90185df1c16d4bd"}],"from":"http://spdxdocs.org/openembedded-alias/by-doc-hash/ec95d1050dd09a8f8a75494b81742fe37717b475d9c126ce57fe8557b98d5881/nativesdk-glibc/UNIHASH/vulnerability/CVE-2019-1010023","relationshipType":"doesNotAffect","to":["http://spdx.org/spdxdocs/nativesdk-glibc-9bf7b422-c754-5e1d-82e7-efca968fdfb9/5895f2815f5370960dfdcdfb4fd6e02033c9f8114a4bf93fc8e63f0bc1c2f893/package/nativesdk-libnss-db2"],"security_vexVersion":"1.0.0","security_impactStatement":"Upstream glibc maintainers dispute there is any issue and have no plans to address it further. this is being treated as a non-security bug and no real threat."}]}