fix(ubuntu): emit vuln rows for out of support (#477)

Ensure the ubuntu provider emits `wont-fix` vulnerability rows when the
final state ends up as ignored and one of the end of support labels and
there was no previous fix found after traversing git state

Signed-off-by: Weston Steimel <[email protected]>

src/vunnel/providers/ubuntu/parser.py

@@ -37,7 +37,7 @@
 # Per the Ubuntu README in the security tracker BZR repo:
 # Maps the state name to whether it indicates a package is vulnerable
 patch_states = {
-    "DNE": False,  # Does Not Exist, no fix
+    "DNE": False,  # Does Not Exist, the package is does not exist in a particular ubuntu release
     "needs-triage": False,  # Not yet determined if CVE affects package, ignore in anchore until determination made
     "ignored": False,  # CVE does not affect the package or no updates (e.g. end-of-life) (NOTE: should still report?)
     "not-affected": False,  # The package is related to the issue, but not affected by it.
@@ -148,6 +148,7 @@ def __init__(self):
         self.NamespaceName = None
         self.VersionFormat = None
         self.Version = None
+        self.VendorAdvisory = None
 
 
 class Severity(enum.IntEnum):
@@ -283,7 +284,7 @@ def parse_patch(header: str, lines: list[str]) -> list[Patch]:  # noqa: C901
                 status_match = _patch_state_regex.match(match.group(3))
                 if status_match and status_match.group(1):
                     state = status_match.group(1)
-                    if state in patch_states:  # and patch_states[state]:
+                    if state in patch_states:
                         version = status_match.group(2)
                         if version:
                             version = version.strip()
@@ -520,7 +521,9 @@ def map_parsed(parsed_cve: CVEFile, logger: logging.Logger | None = None):  # no
             vulns[namespace_name] = r
 
         # If the patch status is one we care about, make the FixedIn record, else skip it but create CVE records
-        if check_state(p.status):
+        # We currently want to mark end-of-support records with no previously known fix as vulnerable, hence the
+        # or check_merge step here.
+        if check_state(p.status) or check_merge(p):
             pkg = FixedIn()
             pkg.Name = p.package
 
@@ -542,6 +545,13 @@ def map_parsed(parsed_cve: CVEFile, logger: logging.Logger | None = None):  # no
 
             else:
                 pkg.Version = "None"
+                # Set NoAdvisory to true so that `wont-fix` status gets set on
+                # out of support entries
+                if p.status == "ignored":
+                    pkg.VendorAdvisory = {"NoAdvisory": True}
+
+            if not pkg.VendorAdvisory:
+                pkg.VendorAdvisory = {"NoAdvisory": False}
 
             pkg.VersionFormat = "dpkg"
             pkg.NamespaceName = namespace_name

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:14.04/cve-2019-17185.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:14.04/cve-2019-17185","item":{"Vulnerability":{"Name":"CVE-2019-17185","NamespaceName":"ubuntu:14.04","Description":"","Severity":"Low","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2019-17185","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:14.04/cve-2019-17185","item":{"Vulnerability":{"Name":"CVE-2019-17185","NamespaceName":"ubuntu:14.04","Description":"","Severity":"Low","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2019-17185","FixedIn":[{"Name":"freeradius","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:14.04/cve-2021-4204.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:14.04/cve-2021-4204","item":{"Vulnerability":{"Name":"CVE-2021-4204","NamespaceName":"ubuntu:14.04","Description":"","Severity":"High","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2021-4204","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:14.04/cve-2021-4204","item":{"Vulnerability":{"Name":"CVE-2021-4204","NamespaceName":"ubuntu:14.04","Description":"","Severity":"High","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2021-4204","FixedIn":[{"Name":"linux-lts-xenial","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-aws","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-azure","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-fips","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:14.04/cve-2022-20566.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:14.04/cve-2022-20566","item":{"Vulnerability":{"Name":"CVE-2022-20566","NamespaceName":"ubuntu:14.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-20566","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:14.04/cve-2022-20566","item":{"Vulnerability":{"Name":"CVE-2022-20566","NamespaceName":"ubuntu:14.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-20566","FixedIn":[{"Name":"linux","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-lts-xenial","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-aws","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-azure","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-fips","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:14.04/cve-2022-41859.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:14.04/cve-2022-41859","item":{"Vulnerability":{"Name":"CVE-2022-41859","NamespaceName":"ubuntu:14.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-41859","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:14.04/cve-2022-41859","item":{"Vulnerability":{"Name":"CVE-2022-41859","NamespaceName":"ubuntu:14.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-41859","FixedIn":[{"Name":"freeradius","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:14.04/cve-2022-41860.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:14.04/cve-2022-41860","item":{"Vulnerability":{"Name":"CVE-2022-41860","NamespaceName":"ubuntu:14.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-41860","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:14.04/cve-2022-41860","item":{"Vulnerability":{"Name":"CVE-2022-41860","NamespaceName":"ubuntu:14.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-41860","FixedIn":[{"Name":"freeradius","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:14.04/cve-2022-41861.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:14.04/cve-2022-41861","item":{"Vulnerability":{"Name":"CVE-2022-41861","NamespaceName":"ubuntu:14.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-41861","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:14.04/cve-2022-41861","item":{"Vulnerability":{"Name":"CVE-2022-41861","NamespaceName":"ubuntu:14.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-41861","FixedIn":[{"Name":"freeradius","NamespaceName":"ubuntu:14.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:16.04/cve-2019-17185.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:16.04/cve-2019-17185","item":{"Vulnerability":{"Name":"CVE-2019-17185","NamespaceName":"ubuntu:16.04","Description":"","Severity":"Low","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2019-17185","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:16.04/cve-2019-17185","item":{"Vulnerability":{"Name":"CVE-2019-17185","NamespaceName":"ubuntu:16.04","Description":"","Severity":"Low","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2019-17185","FixedIn":[{"Name":"freeradius","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:16.04/cve-2021-4204.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:16.04/cve-2021-4204","item":{"Vulnerability":{"Name":"CVE-2021-4204","NamespaceName":"ubuntu:16.04","Description":"","Severity":"High","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2021-4204","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:16.04/cve-2021-4204","item":{"Vulnerability":{"Name":"CVE-2021-4204","NamespaceName":"ubuntu:16.04","Description":"","Severity":"High","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2021-4204","FixedIn":[{"Name":"linux-hwe","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-kvm","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-aws","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-aws-hwe","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-azure","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-gcp","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-gke","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-oracle","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-raspi2","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-snapdragon","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-fips","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:16.04/cve-2022-20566.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:16.04/cve-2022-20566","item":{"Vulnerability":{"Name":"CVE-2022-20566","NamespaceName":"ubuntu:16.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-20566","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:16.04/cve-2022-20566","item":{"Vulnerability":{"Name":"CVE-2022-20566","NamespaceName":"ubuntu:16.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-20566","FixedIn":[{"Name":"linux","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-hwe","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-kvm","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-aws","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-aws-hwe","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-azure","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-fips","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-gcp","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-gke","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-oracle","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-raspi2","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-snapdragon","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:16.04/cve-2022-41859.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:16.04/cve-2022-41859","item":{"Vulnerability":{"Name":"CVE-2022-41859","NamespaceName":"ubuntu:16.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-41859","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:16.04/cve-2022-41859","item":{"Vulnerability":{"Name":"CVE-2022-41859","NamespaceName":"ubuntu:16.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-41859","FixedIn":[{"Name":"freeradius","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:16.04/cve-2022-41860.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:16.04/cve-2022-41860","item":{"Vulnerability":{"Name":"CVE-2022-41860","NamespaceName":"ubuntu:16.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-41860","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:16.04/cve-2022-41860","item":{"Vulnerability":{"Name":"CVE-2022-41860","NamespaceName":"ubuntu:16.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-41860","FixedIn":[{"Name":"freeradius","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:16.04/cve-2022-41861.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:16.04/cve-2022-41861","item":{"Vulnerability":{"Name":"CVE-2022-41861","NamespaceName":"ubuntu:16.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-41861","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:16.04/cve-2022-41861","item":{"Vulnerability":{"Name":"CVE-2022-41861","NamespaceName":"ubuntu:16.04","Description":"","Severity":"Medium","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2022-41861","FixedIn":[{"Name":"freeradius","NamespaceName":"ubuntu:16.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:18.04/cve-2021-4204.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:18.04/cve-2021-4204","item":{"Vulnerability":{"Name":"CVE-2021-4204","NamespaceName":"ubuntu:18.04","Description":"","Severity":"High","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2021-4204","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:18.04/cve-2021-4204","item":{"Vulnerability":{"Name":"CVE-2021-4204","NamespaceName":"ubuntu:18.04","Description":"","Severity":"High","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2021-4204","FixedIn":[{"Name":"linux-gke-4.15","NamespaceName":"ubuntu:18.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-gke-5.0","NamespaceName":"ubuntu:18.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-gke-5.3","NamespaceName":"ubuntu:18.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-oem","NamespaceName":"ubuntu:18.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-oem-osp1","NamespaceName":"ubuntu:18.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}},{"Name":"linux-raspi2-5.3","NamespaceName":"ubuntu:18.04","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}

tests/unit/providers/ubuntu/test-fixtures/snapshots/ubuntu:19.10/cve-2019-17185.json

@@ -1 +1 @@
-{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:19.10/cve-2019-17185","item":{"Vulnerability":{"Name":"CVE-2019-17185","NamespaceName":"ubuntu:19.10","Description":"","Severity":"Low","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2019-17185","FixedIn":[]}}}
+{"schema":"https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json","identifier":"ubuntu:19.10/cve-2019-17185","item":{"Vulnerability":{"Name":"CVE-2019-17185","NamespaceName":"ubuntu:19.10","Description":"","Severity":"Low","Metadata":{},"Link":"https://ubuntu.com/security/CVE-2019-17185","FixedIn":[{"Name":"freeradius","NamespaceName":"ubuntu:19.10","VersionFormat":"dpkg","Version":"None","VendorAdvisory":{"NoAdvisory":true}}]}}}