From d66c0bde2633d5fed01f40755937da83e168e8a5 Mon Sep 17 00:00:00 2001
From: Weston Steimel <commits@weston.slmail.me>
Date: Mon, 3 Jun 2024 11:45:49 +0100
Subject: [PATCH] enrich libarchive cves

Signed-off-by: Weston Steimel <commits@weston.slmail.me>
---
 data/anchore/2024/CVE-2024-20697.json | 45 +++++++++++++++++++++++++++
 data/anchore/2024/CVE-2024-26256.json | 45 +++++++++++++++++++++++++++
 2 files changed, 90 insertions(+)
 create mode 100644 data/anchore/2024/CVE-2024-20697.json
 create mode 100644 data/anchore/2024/CVE-2024-26256.json

diff --git a/data/anchore/2024/CVE-2024-20697.json b/data/anchore/2024/CVE-2024-20697.json
new file mode 100644
index 00000000..9e80cbba
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-20697.json
@@ -0,0 +1,45 @@
+{
+  "additionalMetadata": {
+    "cna": "microsoft",
+    "cveId": "CVE-2024-20697",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*"
+        ],
+        "product": "libarchive",
+        "repo": "https://github.com/libarchive/libarchive",
+        "vendor": "libarchive",
+        "versions": [
+          {
+            "lessThan": "3.7.4",
+            "status": "affected",
+            "version": "0",
+            "versionType": "semver"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://github.com/libarchive/libarchive/pull/2135"
+      },
+      {
+        "url": "https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237"
+      },
+      {
+        "url": "https://github.com/libarchive/libarchive/releases/tag/v3.7.4"
+      }
+    ]
+  }
+}
\ No newline at end of file
diff --git a/data/anchore/2024/CVE-2024-26256.json b/data/anchore/2024/CVE-2024-26256.json
new file mode 100644
index 00000000..49ed9136
--- /dev/null
+++ b/data/anchore/2024/CVE-2024-26256.json
@@ -0,0 +1,45 @@
+{
+  "additionalMetadata": {
+    "cna": "microsoft",
+    "cveId": "CVE-2024-26256",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*"
+        ],
+        "product": "libarchive",
+        "repo": "https://github.com/libarchive/libarchive",
+        "vendor": "libarchive",
+        "versions": [
+          {
+            "lessThan": "3.7.4",
+            "status": "affected",
+            "version": "0",
+            "versionType": "semver"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://github.com/libarchive/libarchive/pull/2135"
+      },
+      {
+        "url": "https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237"
+      },
+      {
+        "url": "https://github.com/libarchive/libarchive/releases/tag/v3.7.4"
+      }
+    ]
+  }
+}
\ No newline at end of file