  1. Security Data
  2. SECDATA-1152

Missing epoch data in recent Red Hat CSAF rpmmod advisories

    • Type: Ticket
    • Resolution: Unresolved

      Description:
      We have observed that recent Red Hat CSAF advisories related to rpmmod are missing the epoch field in the package data section.

      Expected Behavior:
      All CSAF advisories should include full RPM metadata (NEVRA: Name, Epoch, Version, Release, Architecture).

      Actual Behavior:

      • The epoch field is absent in affected CSAF advisories.
      • Earlier advisories included this field, but newer ones omit it, causing inconsistent metadata.

      Impact:

      • Missing epoch values break downstream automation that relies on full NEVRA.
      • Consumers parsing CSAF data may misinterpret packages, leading to inaccurate vulnerability assessments.

      Supporting Data:

      Example from CSAF advisory JSON:

      RPMMOD CSAF


      non RPMMOD CSAF

      Advisories where this issue is observed:

      • RHSA-2024:6148 → CSAF JSON
      • RHSA-2024:6000 → CSAF JSON
      • RHSA-2024:6001 → CSAF JSON

      Request:
      Please confirm if omission of epoch is intentional. If not, can this be corrected for future rpmmod advisories and possibly backfilled in existing CSAF data?

              Assignee: Unassigned
              Reporter: Sagar Kale (sagaristhebest)
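A consumer-side check for the condition this ticket reports, added here as an example and not part of the ticket or of Red Hat's tooling. It assumes the epoch is carried as the `epoch` qualifier of the `purl` in each product's `product_identification_helper` (the ticket does not say which field is affected); the sample document, vendor and product names are constructed.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample, not taken from any real advisory: a minimal CSAF 2.0
# product_tree with one purl that carries an epoch qualifier and one that does not.
SAMPLE_CSAF = json.loads("""
{
  "product_tree": {"branches": [{
    "category": "vendor", "name": "Example Vendor",
    "branches": [
      {"category": "product_version", "name": "pkg-a",
       "product": {"name": "pkg-a", "product_id": "pkg-a-id",
         "product_identification_helper":
           {"purl": "pkg:rpm/example/pkg-a@1.2.3-4.el8?arch=x86_64&epoch=1"}}},
      {"category": "product_version", "name": "pkg-b",
       "product": {"name": "pkg-b", "product_id": "pkg-b-id",
         "product_identification_helper":
           {"purl": "pkg:rpm/example/pkg-b@2.0-1.module.el8?arch=x86_64"}}}
    ]}]}
}
""")

def iter_products(branches):
    """Yield every product object in a (possibly nested) CSAF branches list."""
    for branch in branches:
        if "product" in branch:
            yield branch["product"]
        yield from iter_products(branch.get("branches", []))

def rpm_purls_missing_epoch(csaf):
    """Return (product_id, purl) for rpm-type purls that have no epoch qualifier."""
    missing = []
    tree = csaf.get("product_tree", {})
    for product in iter_products(tree.get("branches", [])):
        purl = product.get("product_identification_helper", {}).get("purl", "")
        if not purl.startswith("pkg:rpm/"):
            continue  # only RPM package entries are checked
        qualifiers = parse_qs(urlsplit(purl).query)
        # Assumption: a consumer that needs full NEVRA wants epoch stated explicitly.
        if "epoch" not in qualifiers:
            missing.append((product.get("product_id"), purl))
    return missing

if __name__ == "__main__":
    for product_id, purl in rpm_purls_missing_epoch(SAMPLE_CSAF):
        print(f"no epoch: {product_id}  {purl}")
```

Running it over a feed of downloaded advisories gives the list of documents whose package entries would need an epoch default or a backfill before NEVRA matching.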