  1. Security Data
  2. SECDATA-1116

Missing Architecture in PURL for Affected RPM Package


    • Very Likely
    • 0

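      It appears that the architecture (the `arch` qualifier) is sometimes not specified in the PURL for affected RPM packages, as in the `product_identification_helper` entries below.
      Architecture information is essential to determine whether the PURL refers to a binary package or a source package (a source RPM would carry `arch=src`). Because a source RPM and a binary RPM can share the same name, a consumer matching this VEX data against installed packages or an SBOM cannot tell which of the two is being reported as affected when the qualifier is missing.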

      This issue might be related to the following ticket:
      https://issues.redhat.com/projects/SECDATA/issues/SECDATA-1097

       

                          {
                              "category": "product_version",
                              "name": "kernel-rt",
                              "product": {
                                  "name": "kernel-rt",
                                  "product_id": "kernel-rt",
                                  "product_identification_helper": {
                                      "purl": "pkg:rpm/redhat/kernel-rt"
                                  }
                              }
                          },
                          {
                              "category": "product_version",
                              "name": "kernel-rt-core",
                              "product": {
                                  "name": "kernel-rt-core",
                                  "product_id": "kernel-rt-core",
                                  "product_identification_helper": {
                                      "purl": "pkg:rpm/redhat/kernel-rt-core"
                                  }
                              }
                          },
                          ...
                  {
                      "category": "default_component_of",
                      "full_product_name": {
                          "name": "kernel-rt as a component of Red Hat Enterprise Linux 9",
                          "product_id": "red_hat_enterprise_linux_9:kernel-rt"
                      },
                      "product_reference": "kernel-rt",
                      "relates_to_product_reference": "red_hat_enterprise_linux_9"
                  },
                  {
                      "category": "default_component_of",
                      "full_product_name": {
                          "name": "kernel-rt-core as a component of Red Hat Enterprise Linux 9",
                          "product_id": "red_hat_enterprise_linux_9:kernel-rt-core"
                      },
                      "product_reference": "kernel-rt-core",
                      "relates_to_product_reference": "red_hat_enterprise_linux_9"
                  },
                  ...
                      "known_affected": [
                          "red_hat_enterprise_linux_9:kernel-rt",
                          "red_hat_enterprise_linux_9:kernel-rt-core",
                          ...

      https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1272.json

      https://access.redhat.com/security/cve/cve-2025-1272

       

        1. source_rpm_binary_rpm_use_same_name.png
          139 kB
          Chuntao Han
        2. vim_rpms.png
          117 kB
          Chuntao Han
        3. cve-2024-56171.json
          8.69 MB
          Chuntao Han

              chhan@redhat.com Chuntao Han
              mainek00n Norihiro Nakaoka
