修改，适用 csaf

Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-24 15:38:55 +08:00 · 2024-07-24 15:38:55 +08:00 · 6669e5b3b8
commit 6669e5b3b8
parent 187e5c0ef0
4648 changed files with 92753 additions and 753343 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,5 +1,5 @@
 [package]
-name = "cvrf2cusa"
+name = "csaf2cusa"
 version = "0.1.1"
 edition = "2021"

@ -7,7 +7,9 @@ edition = "2021"

 [dependencies]
 clap = { version = "4.0", features = ["derive"] }
-cvrf-xmlparser = { git = "https://git.zhgsun.com:8089/jiachao2130/cvrf-xmlparser.git", version = "0.1.0" }
+csaf-parser = { git = "https://git.zhgsun.com:8089/jiachao2130/csaf-parser.git", version = "0.1.0" }
+lazy_static = { version = "1" }
+regex = { version = "1" }
 serde = { version = "1", features = ["serde_derive"] }
 serde_json = { version = "1.0" }
 tracing = { version = "0.1" }
--- a/README.md
+++ b/README.md
@ -1,13 +1,13 @@
-这个应用于 CULinux VAT 系统中，将 openEuler 的 cvrf 格式的安全公告转换为 cusa。
+这个应用于 CULinux VAT 系统中，将 openEuler 的 csaf 格式的安全公告转换为 cusa。

 ```
-$ cvrf2cusa -h
-cvrf2cusa 是一个用于将 CVRF（Common Vulnerability Reporting Framework）格式的安全报告转换为 CUSA（CULinux Security Advisory）的工具，其输入格式为 Xml ，输出格式则为 Json。
+$ csaf2cusa -h
+csaf2cusa 是一个用于将 CSAF（Common Security Advisory Framework）格式的安全报告转换为 CUSA（CULinux Security Advisory）的工具，其输入格式为 Json ，输出格式则为 Json。

-Usage: cvrf2cusa <COMMAND>
+Usage: csaf2cusa <COMMAND>

 Commands:
-  convert  CVRF 转换输出子命令
+  convert  CSAF 转换输出子命令
  db       创建并生成新的 CUSA 数据文件
  help     Print this message or the help of the given subcommand(s)

--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1816.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1816.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1817.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1817.json
@ -0,0 +1,397 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"xorg-x11-server-xwayland security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for xorg-x11-server-xwayland is now available for openEuler-22.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Xwayland is an X server for running X clients under Wayland.   %package devel Summary: Development package Requires: pkgconfig   %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland.   %prep %autosetup -n xwayland-   %build %meson \\         -Dxwayland_eglstream=true \\         -Ddefault_font_path=\"catalogue:/etc/X11/fontpath.d,built-ins\" \\         -Dbuilder_string=\"Build ID:  -\" \\         -Dxkb_output_dir=/lib/xkb \\         -Dxcsecurity=true \\         -Dglamor=true \\         -Ddri3=true   %meson_build\n\nSecurity Fix(es):\n\nA flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.(CVE-2022-2320)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for xorg-x11-server-xwayland is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"xorg-x11-server-xwayland",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1817",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1817"
+			},
+			{
+				"summary":"CVE-2022-2320",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-2320&packageName=xorg-x11-server-xwayland"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2320"
+			},
+			{
+				"summary":"openEuler-SA-2024-1817 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1817.json"
+			}
+		],
+		"title":"An update for xorg-x11-server-xwayland is now available for openEuler-22.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:51:50+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:51:50+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:51:50+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:51:50+08:00",
+			"id":"openEuler-SA-2024-1817",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openEuler-22.03-LTS-SP4",
+									"name":"openEuler-22.03-LTS-SP4"
+								},
+								"name":"openEuler-22.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.aarch64.rpm",
+									"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.aarch64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.aarch64.rpm",
+									"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.aarch64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.aarch64.rpm",
+									"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.aarch64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.aarch64.rpm",
+									"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.aarch64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.src.rpm",
+									"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.src.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.x86_64.rpm",
+									"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.x86_64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.x86_64.rpm",
+									"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.x86_64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.x86_64.rpm",
+									"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.x86_64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.x86_64.rpm",
+									"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.x86_64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.aarch64",
+					"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.aarch64",
+					"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.aarch64",
+					"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.aarch64",
+					"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.src",
+					"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.x86_64",
+					"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.x86_64",
+					"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.x86_64",
+					"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.x86_64",
+					"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2022-2320",
+			"notes":[
+				{
+					"text":"A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.x86_64"
+					],
+					"details":"xorg-x11-server-xwayland security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1817"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.8,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-2320"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1818.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1818.json
@ -0,0 +1,397 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"xorg-x11-server-xwayland security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for xorg-x11-server-xwayland is now available for openEuler-22.03-LTS-SP1",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Xwayland is an X server for running X clients under Wayland.   %package devel Summary: Development package Requires: pkgconfig   %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland.   %prep %autosetup -n xwayland-   %build %meson \\         -Dxwayland_eglstream=true \\         -Ddefault_font_path=\"catalogue:/etc/X11/fontpath.d,built-ins\" \\         -Dbuilder_string=\"Build ID:  -\" \\         -Dxkb_output_dir=/lib/xkb \\         -Dxcsecurity=true \\         -Dglamor=true \\         -Ddri3=true   %meson_build\n\nSecurity Fix(es):\n\nA flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.(CVE-2022-2320)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for xorg-x11-server-xwayland is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"xorg-x11-server-xwayland",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1818",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1818"
+			},
+			{
+				"summary":"CVE-2022-2320",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-2320&packageName=xorg-x11-server-xwayland"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2320"
+			},
+			{
+				"summary":"openEuler-SA-2024-1818 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1818.json"
+			}
+		],
+		"title":"An update for xorg-x11-server-xwayland is now available for openEuler-22.03-LTS-SP1",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:51:51+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:51:51+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:51:51+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:51:51+08:00",
+			"id":"openEuler-SA-2024-1818",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openEuler-22.03-LTS-SP1",
+									"name":"openEuler-22.03-LTS-SP1"
+								},
+								"name":"openEuler-22.03-LTS-SP1",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.aarch64.rpm",
+									"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.aarch64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.aarch64.rpm",
+									"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.aarch64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.aarch64.rpm",
+									"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.aarch64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.aarch64.rpm",
+									"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.aarch64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.src.rpm",
+									"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.src.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.x86_64.rpm",
+									"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.x86_64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.x86_64.rpm",
+									"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.x86_64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.x86_64.rpm",
+									"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.x86_64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.x86_64.rpm",
+									"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.x86_64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.aarch64",
+					"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.aarch64",
+					"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.aarch64",
+					"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.aarch64",
+					"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.src",
+					"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.x86_64",
+					"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.x86_64",
+					"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.x86_64",
+					"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.x86_64",
+					"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2022-2320",
+			"notes":[
+				{
+					"text":"A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.x86_64"
+					],
+					"details":"xorg-x11-server-xwayland security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1818"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.8,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp1.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-2320"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1819.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1819.json
@ -0,0 +1,397 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"xorg-x11-server-xwayland security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for xorg-x11-server-xwayland is now available for openEuler-22.03-LTS-SP3",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Xwayland is an X server for running X clients under Wayland.   %package devel Summary: Development package Requires: pkgconfig   %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland.   %prep %autosetup -n xwayland-   %build %meson \\         -Dxwayland_eglstream=true \\         -Ddefault_font_path=\"catalogue:/etc/X11/fontpath.d,built-ins\" \\         -Dbuilder_string=\"Build ID:  -\" \\         -Dxkb_output_dir=/lib/xkb \\         -Dxcsecurity=true \\         -Dglamor=true \\         -Ddri3=true   %meson_build\n\nSecurity Fix(es):\n\nA flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.(CVE-2022-2320)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for xorg-x11-server-xwayland is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"xorg-x11-server-xwayland",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1819",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1819"
+			},
+			{
+				"summary":"CVE-2022-2320",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-2320&packageName=xorg-x11-server-xwayland"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2320"
+			},
+			{
+				"summary":"openEuler-SA-2024-1819 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1819.json"
+			}
+		],
+		"title":"An update for xorg-x11-server-xwayland is now available for openEuler-22.03-LTS-SP3",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:51:55+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:51:55+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:51:55+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:51:55+08:00",
+			"id":"openEuler-SA-2024-1819",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openEuler-22.03-LTS-SP3",
+									"name":"openEuler-22.03-LTS-SP3"
+								},
+								"name":"openEuler-22.03-LTS-SP3",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.aarch64.rpm",
+									"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.aarch64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.aarch64.rpm",
+									"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.aarch64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.aarch64.rpm",
+									"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.aarch64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.aarch64.rpm",
+									"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.aarch64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.src.rpm",
+									"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.src.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.x86_64.rpm",
+									"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.x86_64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.x86_64.rpm",
+									"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.x86_64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.x86_64.rpm",
+									"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.x86_64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.x86_64.rpm",
+									"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.x86_64.rpm"
+								},
+								"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.aarch64",
+					"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.aarch64",
+					"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.aarch64",
+					"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.aarch64",
+					"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.src",
+					"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.x86_64",
+					"name":"xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.x86_64",
+					"name":"xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.x86_64",
+					"name":"xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.x86_64",
+					"name":"xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2022-2320",
+			"notes":[
+				{
+					"text":"A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.x86_64"
+					],
+					"details":"xorg-x11-server-xwayland security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1819"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.8,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-22.1.2-6.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debuginfo-22.1.2-6.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-debugsource-22.1.2-6.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:xorg-x11-server-Xwayland-devel-22.1.2-6.oe2203sp3.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-2320"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1820.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1820.json
@ -0,0 +1,314 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"rubygem-rack security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for rubygem-rack is now available for openEuler-20.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers,  web frameworks, and software in between (the so-called middleware) into  a single method call.\n\nSecurity Fix(es):\n\nA denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.(CVE-2022-44572)\n\nRack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.(CVE-2024-26141)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for rubygem-rack is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"rubygem-rack",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1820",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1820"
+			},
+			{
+				"summary":"CVE-2022-44572",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-44572&packageName=rubygem-rack"
+			},
+			{
+				"summary":"CVE-2024-26141",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-26141&packageName=rubygem-rack"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44572"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26141"
+			},
+			{
+				"summary":"openEuler-SA-2024-1820 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1820.json"
+			}
+		],
+		"title":"An update for rubygem-rack is now available for openEuler-20.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:51:57+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:51:57+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:51:57+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:51:57+08:00",
+			"id":"openEuler-SA-2024-1820",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"openEuler-20.03-LTS-SP4",
+									"name":"openEuler-20.03-LTS-SP4"
+								},
+								"name":"openEuler-20.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"rubygem-rack-2.2.3.1-4.oe2003sp4.noarch.rpm",
+									"name":"rubygem-rack-2.2.3.1-4.oe2003sp4.noarch.rpm"
+								},
+								"name":"rubygem-rack-2.2.3.1-4.oe2003sp4.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"rubygem-rack-help-2.2.3.1-4.oe2003sp4.noarch.rpm",
+									"name":"rubygem-rack-help-2.2.3.1-4.oe2003sp4.noarch.rpm"
+								},
+								"name":"rubygem-rack-help-2.2.3.1-4.oe2003sp4.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"rubygem-rack-2.2.3.1-4.oe2003sp4.src.rpm",
+									"name":"rubygem-rack-2.2.3.1-4.oe2003sp4.src.rpm"
+								},
+								"name":"rubygem-rack-2.2.3.1-4.oe2003sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"rubygem-rack-2.2.3.1-4.oe2003sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.noarch",
+					"name":"rubygem-rack-2.2.3.1-4.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"rubygem-rack-help-2.2.3.1-4.oe2003sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:rubygem-rack-help-2.2.3.1-4.oe2003sp4.noarch",
+					"name":"rubygem-rack-help-2.2.3.1-4.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"rubygem-rack-2.2.3.1-4.oe2003sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.src",
+					"name":"rubygem-rack-2.2.3.1-4.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2022-44572",
+			"notes":[
+				{
+					"text":"A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:rubygem-rack-help-2.2.3.1-4.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:rubygem-rack-help-2.2.3.1-4.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.src"
+					],
+					"details":"rubygem-rack security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1820"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.5,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:rubygem-rack-help-2.2.3.1-4.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-44572"
+		},
+		{
+			"cve":"CVE-2024-26141",
+			"notes":[
+				{
+					"text":"Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:rubygem-rack-help-2.2.3.1-4.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:rubygem-rack-help-2.2.3.1-4.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.src"
+					],
+					"details":"rubygem-rack security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1820"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.8,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:rubygem-rack-help-2.2.3.1-4.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:rubygem-rack-2.2.3.1-4.oe2003sp4.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-26141"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1821.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1821.json
@ -0,0 +1,314 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"rubygem-rack security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for rubygem-rack is now available for openEuler-22.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers,  web frameworks, and software in between (the so-called middleware) into  a single method call.\n\nSecurity Fix(es):\n\nA denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.(CVE-2022-44572)\n\nRack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.(CVE-2024-26141)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for rubygem-rack is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"rubygem-rack",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1821",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1821"
+			},
+			{
+				"summary":"CVE-2022-44572",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-44572&packageName=rubygem-rack"
+			},
+			{
+				"summary":"CVE-2024-26141",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-26141&packageName=rubygem-rack"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44572"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26141"
+			},
+			{
+				"summary":"openEuler-SA-2024-1821 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1821.json"
+			}
+		],
+		"title":"An update for rubygem-rack is now available for openEuler-22.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:51:58+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:51:58+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:51:58+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:51:58+08:00",
+			"id":"openEuler-SA-2024-1821",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openEuler-22.03-LTS-SP4",
+									"name":"openEuler-22.03-LTS-SP4"
+								},
+								"name":"openEuler-22.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"rubygem-rack-2.2.3.1-5.oe2203sp4.noarch.rpm",
+									"name":"rubygem-rack-2.2.3.1-5.oe2203sp4.noarch.rpm"
+								},
+								"name":"rubygem-rack-2.2.3.1-5.oe2203sp4.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"rubygem-rack-help-2.2.3.1-5.oe2203sp4.noarch.rpm",
+									"name":"rubygem-rack-help-2.2.3.1-5.oe2203sp4.noarch.rpm"
+								},
+								"name":"rubygem-rack-help-2.2.3.1-5.oe2203sp4.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"rubygem-rack-2.2.3.1-5.oe2203sp4.src.rpm",
+									"name":"rubygem-rack-2.2.3.1-5.oe2203sp4.src.rpm"
+								},
+								"name":"rubygem-rack-2.2.3.1-5.oe2203sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"rubygem-rack-2.2.3.1-5.oe2203sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.noarch",
+					"name":"rubygem-rack-2.2.3.1-5.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"rubygem-rack-help-2.2.3.1-5.oe2203sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:rubygem-rack-help-2.2.3.1-5.oe2203sp4.noarch",
+					"name":"rubygem-rack-help-2.2.3.1-5.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"rubygem-rack-2.2.3.1-5.oe2203sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.src",
+					"name":"rubygem-rack-2.2.3.1-5.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2022-44572",
+			"notes":[
+				{
+					"text":"A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP4:rubygem-rack-help-2.2.3.1-5.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:rubygem-rack-help-2.2.3.1-5.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.src"
+					],
+					"details":"rubygem-rack security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1821"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.5,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:rubygem-rack-help-2.2.3.1-5.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-44572"
+		},
+		{
+			"cve":"CVE-2024-26141",
+			"notes":[
+				{
+					"text":"Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP4:rubygem-rack-help-2.2.3.1-5.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:rubygem-rack-help-2.2.3.1-5.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.src"
+					],
+					"details":"rubygem-rack security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1821"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.8,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:rubygem-rack-help-2.2.3.1-5.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:rubygem-rack-2.2.3.1-5.oe2203sp4.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-26141"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1822.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1822.json
@ -0,0 +1,314 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"rubygem-rack security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for rubygem-rack is now available for openEuler-22.03-LTS-SP1",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers,  web frameworks, and software in between (the so-called middleware) into  a single method call.\n\nSecurity Fix(es):\n\nA denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.(CVE-2022-44572)\n\nRack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.(CVE-2024-26141)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for rubygem-rack is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"rubygem-rack",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1822",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1822"
+			},
+			{
+				"summary":"CVE-2022-44572",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-44572&packageName=rubygem-rack"
+			},
+			{
+				"summary":"CVE-2024-26141",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-26141&packageName=rubygem-rack"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44572"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26141"
+			},
+			{
+				"summary":"openEuler-SA-2024-1822 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1822.json"
+			}
+		],
+		"title":"An update for rubygem-rack is now available for openEuler-22.03-LTS-SP1",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:51:59+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:51:59+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:51:59+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:51:59+08:00",
+			"id":"openEuler-SA-2024-1822",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openEuler-22.03-LTS-SP1",
+									"name":"openEuler-22.03-LTS-SP1"
+								},
+								"name":"openEuler-22.03-LTS-SP1",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"rubygem-rack-2.2.3.1-4.oe2203sp1.noarch.rpm",
+									"name":"rubygem-rack-2.2.3.1-4.oe2203sp1.noarch.rpm"
+								},
+								"name":"rubygem-rack-2.2.3.1-4.oe2203sp1.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"rubygem-rack-help-2.2.3.1-4.oe2203sp1.noarch.rpm",
+									"name":"rubygem-rack-help-2.2.3.1-4.oe2203sp1.noarch.rpm"
+								},
+								"name":"rubygem-rack-help-2.2.3.1-4.oe2203sp1.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"rubygem-rack-2.2.3.1-4.oe2203sp1.src.rpm",
+									"name":"rubygem-rack-2.2.3.1-4.oe2203sp1.src.rpm"
+								},
+								"name":"rubygem-rack-2.2.3.1-4.oe2203sp1.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"rubygem-rack-2.2.3.1-4.oe2203sp1.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.noarch",
+					"name":"rubygem-rack-2.2.3.1-4.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"rubygem-rack-help-2.2.3.1-4.oe2203sp1.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:rubygem-rack-help-2.2.3.1-4.oe2203sp1.noarch",
+					"name":"rubygem-rack-help-2.2.3.1-4.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"rubygem-rack-2.2.3.1-4.oe2203sp1.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.src",
+					"name":"rubygem-rack-2.2.3.1-4.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2022-44572",
+			"notes":[
+				{
+					"text":"A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:rubygem-rack-help-2.2.3.1-4.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:rubygem-rack-help-2.2.3.1-4.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.src"
+					],
+					"details":"rubygem-rack security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1822"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.5,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:rubygem-rack-help-2.2.3.1-4.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-44572"
+		},
+		{
+			"cve":"CVE-2024-26141",
+			"notes":[
+				{
+					"text":"Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:rubygem-rack-help-2.2.3.1-4.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:rubygem-rack-help-2.2.3.1-4.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.src"
+					],
+					"details":"rubygem-rack security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1822"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.8,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:rubygem-rack-help-2.2.3.1-4.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:rubygem-rack-2.2.3.1-4.oe2203sp1.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-26141"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1823.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1823.json
@ -0,0 +1,314 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"rubygem-rack security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for rubygem-rack is now available for openEuler-22.03-LTS-SP3",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Rack provides a minimal, modular, and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers,  web frameworks, and software in between (the so-called middleware) into  a single method call.\n\nSecurity Fix(es):\n\nA denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.(CVE-2022-44572)\n\nRack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.(CVE-2024-26141)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for rubygem-rack is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"rubygem-rack",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1823",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1823"
+			},
+			{
+				"summary":"CVE-2022-44572",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-44572&packageName=rubygem-rack"
+			},
+			{
+				"summary":"CVE-2024-26141",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-26141&packageName=rubygem-rack"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-44572"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26141"
+			},
+			{
+				"summary":"openEuler-SA-2024-1823 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1823.json"
+			}
+		],
+		"title":"An update for rubygem-rack is now available for openEuler-22.03-LTS-SP3",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:00+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:00+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:00+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:00+08:00",
+			"id":"openEuler-SA-2024-1823",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openEuler-22.03-LTS-SP3",
+									"name":"openEuler-22.03-LTS-SP3"
+								},
+								"name":"openEuler-22.03-LTS-SP3",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"rubygem-rack-2.2.3.1-5.oe2203sp3.noarch.rpm",
+									"name":"rubygem-rack-2.2.3.1-5.oe2203sp3.noarch.rpm"
+								},
+								"name":"rubygem-rack-2.2.3.1-5.oe2203sp3.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"rubygem-rack-help-2.2.3.1-5.oe2203sp3.noarch.rpm",
+									"name":"rubygem-rack-help-2.2.3.1-5.oe2203sp3.noarch.rpm"
+								},
+								"name":"rubygem-rack-help-2.2.3.1-5.oe2203sp3.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"rubygem-rack-2.2.3.1-5.oe2203sp3.src.rpm",
+									"name":"rubygem-rack-2.2.3.1-5.oe2203sp3.src.rpm"
+								},
+								"name":"rubygem-rack-2.2.3.1-5.oe2203sp3.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"rubygem-rack-2.2.3.1-5.oe2203sp3.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.noarch",
+					"name":"rubygem-rack-2.2.3.1-5.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"rubygem-rack-help-2.2.3.1-5.oe2203sp3.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:rubygem-rack-help-2.2.3.1-5.oe2203sp3.noarch",
+					"name":"rubygem-rack-help-2.2.3.1-5.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"rubygem-rack-2.2.3.1-5.oe2203sp3.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.src",
+					"name":"rubygem-rack-2.2.3.1-5.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2022-44572",
+			"notes":[
+				{
+					"text":"A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:rubygem-rack-help-2.2.3.1-5.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:rubygem-rack-help-2.2.3.1-5.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.src"
+					],
+					"details":"rubygem-rack security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1823"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.5,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:rubygem-rack-help-2.2.3.1-5.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-44572"
+		},
+		{
+			"cve":"CVE-2024-26141",
+			"notes":[
+				{
+					"text":"Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:rubygem-rack-help-2.2.3.1-5.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:rubygem-rack-help-2.2.3.1-5.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.src"
+					],
+					"details":"rubygem-rack security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1823"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.8,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:rubygem-rack-help-2.2.3.1-5.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:rubygem-rack-2.2.3.1-5.oe2203sp3.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-26141"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1824.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1824.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1825.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1825.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1826.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1826.json
@ -0,0 +1,397 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Low"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"vte291 security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for vte291 is now available for openEuler-22.03-LTS-SP3",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"VTE provides a virtual terminal widget for GTK applications.VTE is mainly used in gnome-terminal, but can also be used to embed a console/terminal in games, editors, IDEs, etc.\n\nSecurity Fix(es):\n\nGNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.(CVE-2024-37535)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for vte291 is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Low",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"vte291",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1826",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1826"
+			},
+			{
+				"summary":"CVE-2024-37535",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37535&packageName=vte291"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37535"
+			},
+			{
+				"summary":"openEuler-SA-2024-1826 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1826.json"
+			}
+		],
+		"title":"An update for vte291 is now available for openEuler-22.03-LTS-SP3",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:04+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:04+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:04+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:04+08:00",
+			"id":"openEuler-SA-2024-1826",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openEuler-22.03-LTS-SP3",
+									"name":"openEuler-22.03-LTS-SP3"
+								},
+								"name":"openEuler-22.03-LTS-SP3",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"vte291-0.62.3-2.oe2203sp3.aarch64.rpm",
+									"name":"vte291-0.62.3-2.oe2203sp3.aarch64.rpm"
+								},
+								"name":"vte291-0.62.3-2.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"vte291-debuginfo-0.62.3-2.oe2203sp3.aarch64.rpm",
+									"name":"vte291-debuginfo-0.62.3-2.oe2203sp3.aarch64.rpm"
+								},
+								"name":"vte291-debuginfo-0.62.3-2.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"vte291-debugsource-0.62.3-2.oe2203sp3.aarch64.rpm",
+									"name":"vte291-debugsource-0.62.3-2.oe2203sp3.aarch64.rpm"
+								},
+								"name":"vte291-debugsource-0.62.3-2.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"vte291-devel-0.62.3-2.oe2203sp3.aarch64.rpm",
+									"name":"vte291-devel-0.62.3-2.oe2203sp3.aarch64.rpm"
+								},
+								"name":"vte291-devel-0.62.3-2.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"vte291-0.62.3-2.oe2203sp3.src.rpm",
+									"name":"vte291-0.62.3-2.oe2203sp3.src.rpm"
+								},
+								"name":"vte291-0.62.3-2.oe2203sp3.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"vte291-0.62.3-2.oe2203sp3.x86_64.rpm",
+									"name":"vte291-0.62.3-2.oe2203sp3.x86_64.rpm"
+								},
+								"name":"vte291-0.62.3-2.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"vte291-debuginfo-0.62.3-2.oe2203sp3.x86_64.rpm",
+									"name":"vte291-debuginfo-0.62.3-2.oe2203sp3.x86_64.rpm"
+								},
+								"name":"vte291-debuginfo-0.62.3-2.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"vte291-debugsource-0.62.3-2.oe2203sp3.x86_64.rpm",
+									"name":"vte291-debugsource-0.62.3-2.oe2203sp3.x86_64.rpm"
+								},
+								"name":"vte291-debugsource-0.62.3-2.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"vte291-devel-0.62.3-2.oe2203sp3.x86_64.rpm",
+									"name":"vte291-devel-0.62.3-2.oe2203sp3.x86_64.rpm"
+								},
+								"name":"vte291-devel-0.62.3-2.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"vte291-0.62.3-2.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:vte291-0.62.3-2.oe2203sp3.aarch64",
+					"name":"vte291-0.62.3-2.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"vte291-debuginfo-0.62.3-2.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:vte291-debuginfo-0.62.3-2.oe2203sp3.aarch64",
+					"name":"vte291-debuginfo-0.62.3-2.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"vte291-debugsource-0.62.3-2.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:vte291-debugsource-0.62.3-2.oe2203sp3.aarch64",
+					"name":"vte291-debugsource-0.62.3-2.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"vte291-devel-0.62.3-2.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:vte291-devel-0.62.3-2.oe2203sp3.aarch64",
+					"name":"vte291-devel-0.62.3-2.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"vte291-0.62.3-2.oe2203sp3.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:vte291-0.62.3-2.oe2203sp3.src",
+					"name":"vte291-0.62.3-2.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"vte291-0.62.3-2.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:vte291-0.62.3-2.oe2203sp3.x86_64",
+					"name":"vte291-0.62.3-2.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"vte291-debuginfo-0.62.3-2.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:vte291-debuginfo-0.62.3-2.oe2203sp3.x86_64",
+					"name":"vte291-debuginfo-0.62.3-2.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"vte291-debugsource-0.62.3-2.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:vte291-debugsource-0.62.3-2.oe2203sp3.x86_64",
+					"name":"vte291-debugsource-0.62.3-2.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"vte291-devel-0.62.3-2.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:vte291-devel-0.62.3-2.oe2203sp3.x86_64",
+					"name":"vte291-devel-0.62.3-2.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-37535",
+			"notes":[
+				{
+					"text":"GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:vte291-0.62.3-2.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:vte291-debuginfo-0.62.3-2.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:vte291-debugsource-0.62.3-2.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:vte291-devel-0.62.3-2.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:vte291-0.62.3-2.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:vte291-0.62.3-2.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:vte291-debuginfo-0.62.3-2.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:vte291-debugsource-0.62.3-2.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:vte291-devel-0.62.3-2.oe2203sp3.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:vte291-0.62.3-2.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:vte291-debuginfo-0.62.3-2.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:vte291-debugsource-0.62.3-2.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:vte291-devel-0.62.3-2.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:vte291-0.62.3-2.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:vte291-0.62.3-2.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:vte291-debuginfo-0.62.3-2.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:vte291-debugsource-0.62.3-2.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:vte291-devel-0.62.3-2.oe2203sp3.x86_64"
+					],
+					"details":"vte291 security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1826"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"LOW",
+						"baseScore":3.5,
+						"vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:vte291-0.62.3-2.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:vte291-debuginfo-0.62.3-2.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:vte291-debugsource-0.62.3-2.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:vte291-devel-0.62.3-2.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:vte291-0.62.3-2.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:vte291-0.62.3-2.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:vte291-debuginfo-0.62.3-2.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:vte291-debugsource-0.62.3-2.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:vte291-devel-0.62.3-2.oe2203sp3.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Low",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-37535"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1827.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1827.json
@ -0,0 +1,397 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Low"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"vte291 security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for vte291 is now available for openEuler-20.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"VTE provides a virtual terminal widget for GTK applications.VTE is mainly used in gnome-terminal, but can also be used to embed a console/terminal in games, editors, IDEs, etc.\n\nSecurity Fix(es):\n\nGNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.(CVE-2024-37535)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for vte291 is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Low",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"vte291",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1827",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1827"
+			},
+			{
+				"summary":"CVE-2024-37535",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37535&packageName=vte291"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37535"
+			},
+			{
+				"summary":"openEuler-SA-2024-1827 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1827.json"
+			}
+		],
+		"title":"An update for vte291 is now available for openEuler-20.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:05+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:05+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:05+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:05+08:00",
+			"id":"openEuler-SA-2024-1827",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"openEuler-20.03-LTS-SP4",
+									"name":"openEuler-20.03-LTS-SP4"
+								},
+								"name":"openEuler-20.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"vte291-0.54.1-6.oe2003sp4.src.rpm",
+									"name":"vte291-0.54.1-6.oe2003sp4.src.rpm"
+								},
+								"name":"vte291-0.54.1-6.oe2003sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"vte291-0.54.1-6.oe2003sp4.x86_64.rpm",
+									"name":"vte291-0.54.1-6.oe2003sp4.x86_64.rpm"
+								},
+								"name":"vte291-0.54.1-6.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"vte291-debuginfo-0.54.1-6.oe2003sp4.x86_64.rpm",
+									"name":"vte291-debuginfo-0.54.1-6.oe2003sp4.x86_64.rpm"
+								},
+								"name":"vte291-debuginfo-0.54.1-6.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"vte291-debugsource-0.54.1-6.oe2003sp4.x86_64.rpm",
+									"name":"vte291-debugsource-0.54.1-6.oe2003sp4.x86_64.rpm"
+								},
+								"name":"vte291-debugsource-0.54.1-6.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"vte291-devel-0.54.1-6.oe2003sp4.x86_64.rpm",
+									"name":"vte291-devel-0.54.1-6.oe2003sp4.x86_64.rpm"
+								},
+								"name":"vte291-devel-0.54.1-6.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"vte291-0.54.1-6.oe2003sp4.aarch64.rpm",
+									"name":"vte291-0.54.1-6.oe2003sp4.aarch64.rpm"
+								},
+								"name":"vte291-0.54.1-6.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"vte291-debuginfo-0.54.1-6.oe2003sp4.aarch64.rpm",
+									"name":"vte291-debuginfo-0.54.1-6.oe2003sp4.aarch64.rpm"
+								},
+								"name":"vte291-debuginfo-0.54.1-6.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"vte291-debugsource-0.54.1-6.oe2003sp4.aarch64.rpm",
+									"name":"vte291-debugsource-0.54.1-6.oe2003sp4.aarch64.rpm"
+								},
+								"name":"vte291-debugsource-0.54.1-6.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"vte291-devel-0.54.1-6.oe2003sp4.aarch64.rpm",
+									"name":"vte291-devel-0.54.1-6.oe2003sp4.aarch64.rpm"
+								},
+								"name":"vte291-devel-0.54.1-6.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"vte291-0.54.1-6.oe2003sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:vte291-0.54.1-6.oe2003sp4.src",
+					"name":"vte291-0.54.1-6.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"vte291-0.54.1-6.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:vte291-0.54.1-6.oe2003sp4.x86_64",
+					"name":"vte291-0.54.1-6.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"vte291-debuginfo-0.54.1-6.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:vte291-debuginfo-0.54.1-6.oe2003sp4.x86_64",
+					"name":"vte291-debuginfo-0.54.1-6.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"vte291-debugsource-0.54.1-6.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:vte291-debugsource-0.54.1-6.oe2003sp4.x86_64",
+					"name":"vte291-debugsource-0.54.1-6.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"vte291-devel-0.54.1-6.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:vte291-devel-0.54.1-6.oe2003sp4.x86_64",
+					"name":"vte291-devel-0.54.1-6.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"vte291-0.54.1-6.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:vte291-0.54.1-6.oe2003sp4.aarch64",
+					"name":"vte291-0.54.1-6.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"vte291-debuginfo-0.54.1-6.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:vte291-debuginfo-0.54.1-6.oe2003sp4.aarch64",
+					"name":"vte291-debuginfo-0.54.1-6.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"vte291-debugsource-0.54.1-6.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:vte291-debugsource-0.54.1-6.oe2003sp4.aarch64",
+					"name":"vte291-debugsource-0.54.1-6.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"vte291-devel-0.54.1-6.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:vte291-devel-0.54.1-6.oe2003sp4.aarch64",
+					"name":"vte291-devel-0.54.1-6.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-37535",
+			"notes":[
+				{
+					"text":"GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:vte291-0.54.1-6.oe2003sp4.src",
+					"openEuler-20.03-LTS-SP4:vte291-0.54.1-6.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:vte291-debuginfo-0.54.1-6.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:vte291-debugsource-0.54.1-6.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:vte291-devel-0.54.1-6.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:vte291-0.54.1-6.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:vte291-debuginfo-0.54.1-6.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:vte291-debugsource-0.54.1-6.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:vte291-devel-0.54.1-6.oe2003sp4.aarch64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:vte291-0.54.1-6.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:vte291-0.54.1-6.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:vte291-debuginfo-0.54.1-6.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:vte291-debugsource-0.54.1-6.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:vte291-devel-0.54.1-6.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:vte291-0.54.1-6.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:vte291-debuginfo-0.54.1-6.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:vte291-debugsource-0.54.1-6.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:vte291-devel-0.54.1-6.oe2003sp4.aarch64"
+					],
+					"details":"vte291 security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1827"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"LOW",
+						"baseScore":3.5,
+						"vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:vte291-0.54.1-6.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:vte291-0.54.1-6.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:vte291-debuginfo-0.54.1-6.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:vte291-debugsource-0.54.1-6.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:vte291-devel-0.54.1-6.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:vte291-0.54.1-6.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:vte291-debuginfo-0.54.1-6.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:vte291-debugsource-0.54.1-6.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:vte291-devel-0.54.1-6.oe2003sp4.aarch64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Low",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-37535"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1828.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1828.json
@ -0,0 +1,397 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Low"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"vte291 security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for vte291 is now available for openEuler-22.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"VTE provides a virtual terminal widget for GTK applications.VTE is mainly used in gnome-terminal, but can also be used to embed a console/terminal in games, editors, IDEs, etc.\n\nSecurity Fix(es):\n\nGNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.(CVE-2024-37535)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for vte291 is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Low",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"vte291",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1828",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1828"
+			},
+			{
+				"summary":"CVE-2024-37535",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37535&packageName=vte291"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37535"
+			},
+			{
+				"summary":"openEuler-SA-2024-1828 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1828.json"
+			}
+		],
+		"title":"An update for vte291 is now available for openEuler-22.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:06+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:06+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:06+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:06+08:00",
+			"id":"openEuler-SA-2024-1828",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openEuler-22.03-LTS-SP4",
+									"name":"openEuler-22.03-LTS-SP4"
+								},
+								"name":"openEuler-22.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"vte291-0.62.3-2.oe2203sp4.aarch64.rpm",
+									"name":"vte291-0.62.3-2.oe2203sp4.aarch64.rpm"
+								},
+								"name":"vte291-0.62.3-2.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"vte291-debuginfo-0.62.3-2.oe2203sp4.aarch64.rpm",
+									"name":"vte291-debuginfo-0.62.3-2.oe2203sp4.aarch64.rpm"
+								},
+								"name":"vte291-debuginfo-0.62.3-2.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"vte291-debugsource-0.62.3-2.oe2203sp4.aarch64.rpm",
+									"name":"vte291-debugsource-0.62.3-2.oe2203sp4.aarch64.rpm"
+								},
+								"name":"vte291-debugsource-0.62.3-2.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"vte291-devel-0.62.3-2.oe2203sp4.aarch64.rpm",
+									"name":"vte291-devel-0.62.3-2.oe2203sp4.aarch64.rpm"
+								},
+								"name":"vte291-devel-0.62.3-2.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"vte291-0.62.3-2.oe2203sp4.src.rpm",
+									"name":"vte291-0.62.3-2.oe2203sp4.src.rpm"
+								},
+								"name":"vte291-0.62.3-2.oe2203sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"vte291-0.62.3-2.oe2203sp4.x86_64.rpm",
+									"name":"vte291-0.62.3-2.oe2203sp4.x86_64.rpm"
+								},
+								"name":"vte291-0.62.3-2.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"vte291-debuginfo-0.62.3-2.oe2203sp4.x86_64.rpm",
+									"name":"vte291-debuginfo-0.62.3-2.oe2203sp4.x86_64.rpm"
+								},
+								"name":"vte291-debuginfo-0.62.3-2.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"vte291-debugsource-0.62.3-2.oe2203sp4.x86_64.rpm",
+									"name":"vte291-debugsource-0.62.3-2.oe2203sp4.x86_64.rpm"
+								},
+								"name":"vte291-debugsource-0.62.3-2.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"vte291-devel-0.62.3-2.oe2203sp4.x86_64.rpm",
+									"name":"vte291-devel-0.62.3-2.oe2203sp4.x86_64.rpm"
+								},
+								"name":"vte291-devel-0.62.3-2.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"vte291-0.62.3-2.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:vte291-0.62.3-2.oe2203sp4.aarch64",
+					"name":"vte291-0.62.3-2.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"vte291-debuginfo-0.62.3-2.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:vte291-debuginfo-0.62.3-2.oe2203sp4.aarch64",
+					"name":"vte291-debuginfo-0.62.3-2.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"vte291-debugsource-0.62.3-2.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:vte291-debugsource-0.62.3-2.oe2203sp4.aarch64",
+					"name":"vte291-debugsource-0.62.3-2.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"vte291-devel-0.62.3-2.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:vte291-devel-0.62.3-2.oe2203sp4.aarch64",
+					"name":"vte291-devel-0.62.3-2.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"vte291-0.62.3-2.oe2203sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:vte291-0.62.3-2.oe2203sp4.src",
+					"name":"vte291-0.62.3-2.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"vte291-0.62.3-2.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:vte291-0.62.3-2.oe2203sp4.x86_64",
+					"name":"vte291-0.62.3-2.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"vte291-debuginfo-0.62.3-2.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:vte291-debuginfo-0.62.3-2.oe2203sp4.x86_64",
+					"name":"vte291-debuginfo-0.62.3-2.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"vte291-debugsource-0.62.3-2.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:vte291-debugsource-0.62.3-2.oe2203sp4.x86_64",
+					"name":"vte291-debugsource-0.62.3-2.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"vte291-devel-0.62.3-2.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:vte291-devel-0.62.3-2.oe2203sp4.x86_64",
+					"name":"vte291-devel-0.62.3-2.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-37535",
+			"notes":[
+				{
+					"text":"GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:vte291-0.62.3-2.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:vte291-debuginfo-0.62.3-2.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:vte291-debugsource-0.62.3-2.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:vte291-devel-0.62.3-2.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:vte291-0.62.3-2.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:vte291-0.62.3-2.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:vte291-debuginfo-0.62.3-2.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:vte291-debugsource-0.62.3-2.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:vte291-devel-0.62.3-2.oe2203sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:vte291-0.62.3-2.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:vte291-debuginfo-0.62.3-2.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:vte291-debugsource-0.62.3-2.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:vte291-devel-0.62.3-2.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:vte291-0.62.3-2.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:vte291-0.62.3-2.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:vte291-debuginfo-0.62.3-2.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:vte291-debugsource-0.62.3-2.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:vte291-devel-0.62.3-2.oe2203sp4.x86_64"
+					],
+					"details":"vte291 security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1828"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"LOW",
+						"baseScore":3.5,
+						"vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:vte291-0.62.3-2.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:vte291-debuginfo-0.62.3-2.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:vte291-debugsource-0.62.3-2.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:vte291-devel-0.62.3-2.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:vte291-0.62.3-2.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:vte291-0.62.3-2.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:vte291-debuginfo-0.62.3-2.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:vte291-debugsource-0.62.3-2.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:vte291-devel-0.62.3-2.oe2203sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Low",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-37535"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1829.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1829.json
@ -0,0 +1,397 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Low"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"vte291 security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for vte291 is now available for openEuler-22.03-LTS-SP1",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"VTE provides a virtual terminal widget for GTK applications.VTE is mainly used in gnome-terminal, but can also be used to embed a console/terminal in games, editors, IDEs, etc.\n\nSecurity Fix(es):\n\nGNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.(CVE-2024-37535)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for vte291 is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Low",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"vte291",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1829",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1829"
+			},
+			{
+				"summary":"CVE-2024-37535",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37535&packageName=vte291"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37535"
+			},
+			{
+				"summary":"openEuler-SA-2024-1829 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1829.json"
+			}
+		],
+		"title":"An update for vte291 is now available for openEuler-22.03-LTS-SP1",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:07+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:07+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:07+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:07+08:00",
+			"id":"openEuler-SA-2024-1829",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openEuler-22.03-LTS-SP1",
+									"name":"openEuler-22.03-LTS-SP1"
+								},
+								"name":"openEuler-22.03-LTS-SP1",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"vte291-0.62.3-2.oe2203sp1.aarch64.rpm",
+									"name":"vte291-0.62.3-2.oe2203sp1.aarch64.rpm"
+								},
+								"name":"vte291-0.62.3-2.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"vte291-debuginfo-0.62.3-2.oe2203sp1.aarch64.rpm",
+									"name":"vte291-debuginfo-0.62.3-2.oe2203sp1.aarch64.rpm"
+								},
+								"name":"vte291-debuginfo-0.62.3-2.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"vte291-debugsource-0.62.3-2.oe2203sp1.aarch64.rpm",
+									"name":"vte291-debugsource-0.62.3-2.oe2203sp1.aarch64.rpm"
+								},
+								"name":"vte291-debugsource-0.62.3-2.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"vte291-devel-0.62.3-2.oe2203sp1.aarch64.rpm",
+									"name":"vte291-devel-0.62.3-2.oe2203sp1.aarch64.rpm"
+								},
+								"name":"vte291-devel-0.62.3-2.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"vte291-0.62.3-2.oe2203sp1.src.rpm",
+									"name":"vte291-0.62.3-2.oe2203sp1.src.rpm"
+								},
+								"name":"vte291-0.62.3-2.oe2203sp1.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"vte291-0.62.3-2.oe2203sp1.x86_64.rpm",
+									"name":"vte291-0.62.3-2.oe2203sp1.x86_64.rpm"
+								},
+								"name":"vte291-0.62.3-2.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"vte291-debuginfo-0.62.3-2.oe2203sp1.x86_64.rpm",
+									"name":"vte291-debuginfo-0.62.3-2.oe2203sp1.x86_64.rpm"
+								},
+								"name":"vte291-debuginfo-0.62.3-2.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"vte291-debugsource-0.62.3-2.oe2203sp1.x86_64.rpm",
+									"name":"vte291-debugsource-0.62.3-2.oe2203sp1.x86_64.rpm"
+								},
+								"name":"vte291-debugsource-0.62.3-2.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"vte291-devel-0.62.3-2.oe2203sp1.x86_64.rpm",
+									"name":"vte291-devel-0.62.3-2.oe2203sp1.x86_64.rpm"
+								},
+								"name":"vte291-devel-0.62.3-2.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"vte291-0.62.3-2.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:vte291-0.62.3-2.oe2203sp1.aarch64",
+					"name":"vte291-0.62.3-2.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"vte291-debuginfo-0.62.3-2.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:vte291-debuginfo-0.62.3-2.oe2203sp1.aarch64",
+					"name":"vte291-debuginfo-0.62.3-2.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"vte291-debugsource-0.62.3-2.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:vte291-debugsource-0.62.3-2.oe2203sp1.aarch64",
+					"name":"vte291-debugsource-0.62.3-2.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"vte291-devel-0.62.3-2.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:vte291-devel-0.62.3-2.oe2203sp1.aarch64",
+					"name":"vte291-devel-0.62.3-2.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"vte291-0.62.3-2.oe2203sp1.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:vte291-0.62.3-2.oe2203sp1.src",
+					"name":"vte291-0.62.3-2.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"vte291-0.62.3-2.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:vte291-0.62.3-2.oe2203sp1.x86_64",
+					"name":"vte291-0.62.3-2.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"vte291-debuginfo-0.62.3-2.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:vte291-debuginfo-0.62.3-2.oe2203sp1.x86_64",
+					"name":"vte291-debuginfo-0.62.3-2.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"vte291-debugsource-0.62.3-2.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:vte291-debugsource-0.62.3-2.oe2203sp1.x86_64",
+					"name":"vte291-debugsource-0.62.3-2.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"vte291-devel-0.62.3-2.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:vte291-devel-0.62.3-2.oe2203sp1.x86_64",
+					"name":"vte291-devel-0.62.3-2.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-37535",
+			"notes":[
+				{
+					"text":"GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:vte291-0.62.3-2.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:vte291-debuginfo-0.62.3-2.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:vte291-debugsource-0.62.3-2.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:vte291-devel-0.62.3-2.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:vte291-0.62.3-2.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP1:vte291-0.62.3-2.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:vte291-debuginfo-0.62.3-2.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:vte291-debugsource-0.62.3-2.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:vte291-devel-0.62.3-2.oe2203sp1.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:vte291-0.62.3-2.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:vte291-debuginfo-0.62.3-2.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:vte291-debugsource-0.62.3-2.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:vte291-devel-0.62.3-2.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:vte291-0.62.3-2.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:vte291-0.62.3-2.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:vte291-debuginfo-0.62.3-2.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:vte291-debugsource-0.62.3-2.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:vte291-devel-0.62.3-2.oe2203sp1.x86_64"
+					],
+					"details":"vte291 security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1829"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"LOW",
+						"baseScore":3.5,
+						"vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:vte291-0.62.3-2.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:vte291-debuginfo-0.62.3-2.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:vte291-debugsource-0.62.3-2.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:vte291-devel-0.62.3-2.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:vte291-0.62.3-2.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:vte291-0.62.3-2.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:vte291-debuginfo-0.62.3-2.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:vte291-debugsource-0.62.3-2.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:vte291-devel-0.62.3-2.oe2203sp1.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Low",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-37535"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1830.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1830.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1831.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1831.json
@ -0,0 +1,580 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"ffmpeg security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\n\nSecurity Fix(es):\n\nInteger overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.(CVE-2021-28429)\n\nA null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.(CVE-2022-3341)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"ffmpeg",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1831",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1831"
+			},
+			{
+				"summary":"CVE-2021-28429",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-28429&packageName=ffmpeg"
+			},
+			{
+				"summary":"CVE-2022-3341",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-3341&packageName=ffmpeg"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28429"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3341"
+			},
+			{
+				"summary":"openEuler-SA-2024-1831 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1831.json"
+			}
+		],
+		"title":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:09+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:09+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:09+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:09+08:00",
+			"id":"openEuler-SA-2024-1831",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openEuler-22.03-LTS-SP4",
+									"name":"openEuler-22.03-LTS-SP4"
+								},
+								"name":"openEuler-22.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-4.2.4-14.oe2203sp4.aarch64.rpm",
+									"name":"ffmpeg-4.2.4-14.oe2203sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-14.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-14.oe2203sp4.aarch64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-14.oe2203sp4.aarch64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-14.oe2203sp4.aarch64.rpm",
+									"name":"ffmpeg-devel-4.2.4-14.oe2203sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-14.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-14.oe2203sp4.aarch64.rpm",
+									"name":"ffmpeg-libs-4.2.4-14.oe2203sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-14.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"libavdevice-4.2.4-14.oe2203sp4.aarch64.rpm",
+									"name":"libavdevice-4.2.4-14.oe2203sp4.aarch64.rpm"
+								},
+								"name":"libavdevice-4.2.4-14.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-4.2.4-14.oe2203sp4.src.rpm",
+									"name":"ffmpeg-4.2.4-14.oe2203sp4.src.rpm"
+								},
+								"name":"ffmpeg-4.2.4-14.oe2203sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-4.2.4-14.oe2203sp4.x86_64.rpm",
+									"name":"ffmpeg-4.2.4-14.oe2203sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-14.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-14.oe2203sp4.x86_64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-14.oe2203sp4.x86_64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-14.oe2203sp4.x86_64.rpm",
+									"name":"ffmpeg-devel-4.2.4-14.oe2203sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-14.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-14.oe2203sp4.x86_64.rpm",
+									"name":"ffmpeg-libs-4.2.4-14.oe2203sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-14.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"libavdevice-4.2.4-14.oe2203sp4.x86_64.rpm",
+									"name":"libavdevice-4.2.4-14.oe2203sp4.x86_64.rpm"
+								},
+								"name":"libavdevice-4.2.4-14.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-4.2.4-14.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.aarch64",
+					"name":"ffmpeg-4.2.4-14.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-14.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.aarch64",
+					"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-debugsource-4.2.4-14.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.aarch64",
+					"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-devel-4.2.4-14.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.aarch64",
+					"name":"ffmpeg-devel-4.2.4-14.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-libs-4.2.4-14.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.aarch64",
+					"name":"ffmpeg-libs-4.2.4-14.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"libavdevice-4.2.4-14.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.aarch64",
+					"name":"libavdevice-4.2.4-14.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-4.2.4-14.oe2203sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.src",
+					"name":"ffmpeg-4.2.4-14.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-4.2.4-14.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.x86_64",
+					"name":"ffmpeg-4.2.4-14.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-14.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.x86_64",
+					"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-debugsource-4.2.4-14.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.x86_64",
+					"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-devel-4.2.4-14.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.x86_64",
+					"name":"ffmpeg-devel-4.2.4-14.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-libs-4.2.4-14.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.x86_64",
+					"name":"ffmpeg-libs-4.2.4-14.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"libavdevice-4.2.4-14.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.x86_64",
+					"name":"libavdevice-4.2.4-14.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2021-28429",
+			"notes":[
+				{
+					"text":"Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1831"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.5,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2021-28429"
+		},
+		{
+			"cve":"CVE-2022-3341",
+			"notes":[
+				{
+					"text":"A null pointer dereference issue was discovered in  FFmpeg  in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1831"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.3,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-14.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-14.oe2203sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-3341"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1832.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1832.json
@ -0,0 +1,489 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"ffmpeg security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP1",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\n\nSecurity Fix(es):\n\nInteger overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.(CVE-2021-28429)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"ffmpeg",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1832",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1832"
+			},
+			{
+				"summary":"CVE-2021-28429",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-28429&packageName=ffmpeg"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28429"
+			},
+			{
+				"summary":"openEuler-SA-2024-1832 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1832.json"
+			}
+		],
+		"title":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP1",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:10+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:10+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:10+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:10+08:00",
+			"id":"openEuler-SA-2024-1832",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openEuler-22.03-LTS-SP1",
+									"name":"openEuler-22.03-LTS-SP1"
+								},
+								"name":"openEuler-22.03-LTS-SP1",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-4.2.4-14.oe2203sp1.aarch64.rpm",
+									"name":"ffmpeg-4.2.4-14.oe2203sp1.aarch64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-14.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-14.oe2203sp1.aarch64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp1.aarch64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-14.oe2203sp1.aarch64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp1.aarch64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-14.oe2203sp1.aarch64.rpm",
+									"name":"ffmpeg-devel-4.2.4-14.oe2203sp1.aarch64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-14.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-14.oe2203sp1.aarch64.rpm",
+									"name":"ffmpeg-libs-4.2.4-14.oe2203sp1.aarch64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-14.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"libavdevice-4.2.4-14.oe2203sp1.aarch64.rpm",
+									"name":"libavdevice-4.2.4-14.oe2203sp1.aarch64.rpm"
+								},
+								"name":"libavdevice-4.2.4-14.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-4.2.4-14.oe2203sp1.src.rpm",
+									"name":"ffmpeg-4.2.4-14.oe2203sp1.src.rpm"
+								},
+								"name":"ffmpeg-4.2.4-14.oe2203sp1.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-4.2.4-14.oe2203sp1.x86_64.rpm",
+									"name":"ffmpeg-4.2.4-14.oe2203sp1.x86_64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-14.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-14.oe2203sp1.x86_64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp1.x86_64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-14.oe2203sp1.x86_64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp1.x86_64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-14.oe2203sp1.x86_64.rpm",
+									"name":"ffmpeg-devel-4.2.4-14.oe2203sp1.x86_64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-14.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-14.oe2203sp1.x86_64.rpm",
+									"name":"ffmpeg-libs-4.2.4-14.oe2203sp1.x86_64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-14.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"libavdevice-4.2.4-14.oe2203sp1.x86_64.rpm",
+									"name":"libavdevice-4.2.4-14.oe2203sp1.x86_64.rpm"
+								},
+								"name":"libavdevice-4.2.4-14.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-4.2.4-14.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-14.oe2203sp1.aarch64",
+					"name":"ffmpeg-4.2.4-14.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-14.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-14.oe2203sp1.aarch64",
+					"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-debugsource-4.2.4-14.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-14.oe2203sp1.aarch64",
+					"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-devel-4.2.4-14.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-14.oe2203sp1.aarch64",
+					"name":"ffmpeg-devel-4.2.4-14.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-libs-4.2.4-14.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-14.oe2203sp1.aarch64",
+					"name":"ffmpeg-libs-4.2.4-14.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"libavdevice-4.2.4-14.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-14.oe2203sp1.aarch64",
+					"name":"libavdevice-4.2.4-14.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-4.2.4-14.oe2203sp1.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-14.oe2203sp1.src",
+					"name":"ffmpeg-4.2.4-14.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-4.2.4-14.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-14.oe2203sp1.x86_64",
+					"name":"ffmpeg-4.2.4-14.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-14.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-14.oe2203sp1.x86_64",
+					"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-debugsource-4.2.4-14.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-14.oe2203sp1.x86_64",
+					"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-devel-4.2.4-14.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-14.oe2203sp1.x86_64",
+					"name":"ffmpeg-devel-4.2.4-14.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-libs-4.2.4-14.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-14.oe2203sp1.x86_64",
+					"name":"ffmpeg-libs-4.2.4-14.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"libavdevice-4.2.4-14.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-14.oe2203sp1.x86_64",
+					"name":"libavdevice-4.2.4-14.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2021-28429",
+			"notes":[
+				{
+					"text":"Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-14.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-14.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-14.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-14.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-14.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-14.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-14.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-14.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-14.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-14.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-14.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-14.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-14.oe2203sp1.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-14.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-14.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-14.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-14.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-14.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-14.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-14.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-14.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-14.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-14.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-14.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-14.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-14.oe2203sp1.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1832"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.5,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-14.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-14.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-14.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-14.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-14.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-14.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-14.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-14.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-14.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-14.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-14.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-14.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-14.oe2203sp1.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2021-28429"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1833.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1833.json
@ -0,0 +1,489 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"ffmpeg security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP3",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\n\nSecurity Fix(es):\n\nInteger overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.(CVE-2021-28429)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"ffmpeg",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1833",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1833"
+			},
+			{
+				"summary":"CVE-2021-28429",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-28429&packageName=ffmpeg"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28429"
+			},
+			{
+				"summary":"openEuler-SA-2024-1833 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1833.json"
+			}
+		],
+		"title":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP3",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:11+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:11+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:11+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:11+08:00",
+			"id":"openEuler-SA-2024-1833",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openEuler-22.03-LTS-SP3",
+									"name":"openEuler-22.03-LTS-SP3"
+								},
+								"name":"openEuler-22.03-LTS-SP3",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-4.2.4-14.oe2203sp3.aarch64.rpm",
+									"name":"ffmpeg-4.2.4-14.oe2203sp3.aarch64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-14.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-14.oe2203sp3.aarch64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp3.aarch64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-14.oe2203sp3.aarch64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp3.aarch64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-14.oe2203sp3.aarch64.rpm",
+									"name":"ffmpeg-devel-4.2.4-14.oe2203sp3.aarch64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-14.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-14.oe2203sp3.aarch64.rpm",
+									"name":"ffmpeg-libs-4.2.4-14.oe2203sp3.aarch64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-14.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"libavdevice-4.2.4-14.oe2203sp3.aarch64.rpm",
+									"name":"libavdevice-4.2.4-14.oe2203sp3.aarch64.rpm"
+								},
+								"name":"libavdevice-4.2.4-14.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-4.2.4-14.oe2203sp3.src.rpm",
+									"name":"ffmpeg-4.2.4-14.oe2203sp3.src.rpm"
+								},
+								"name":"ffmpeg-4.2.4-14.oe2203sp3.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-4.2.4-14.oe2203sp3.x86_64.rpm",
+									"name":"ffmpeg-4.2.4-14.oe2203sp3.x86_64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-14.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-14.oe2203sp3.x86_64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp3.x86_64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-14.oe2203sp3.x86_64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp3.x86_64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-14.oe2203sp3.x86_64.rpm",
+									"name":"ffmpeg-devel-4.2.4-14.oe2203sp3.x86_64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-14.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-14.oe2203sp3.x86_64.rpm",
+									"name":"ffmpeg-libs-4.2.4-14.oe2203sp3.x86_64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-14.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"libavdevice-4.2.4-14.oe2203sp3.x86_64.rpm",
+									"name":"libavdevice-4.2.4-14.oe2203sp3.x86_64.rpm"
+								},
+								"name":"libavdevice-4.2.4-14.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-4.2.4-14.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-14.oe2203sp3.aarch64",
+					"name":"ffmpeg-4.2.4-14.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-14.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-14.oe2203sp3.aarch64",
+					"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-debugsource-4.2.4-14.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-14.oe2203sp3.aarch64",
+					"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-devel-4.2.4-14.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-14.oe2203sp3.aarch64",
+					"name":"ffmpeg-devel-4.2.4-14.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-libs-4.2.4-14.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-14.oe2203sp3.aarch64",
+					"name":"ffmpeg-libs-4.2.4-14.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"libavdevice-4.2.4-14.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-14.oe2203sp3.aarch64",
+					"name":"libavdevice-4.2.4-14.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-4.2.4-14.oe2203sp3.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-14.oe2203sp3.src",
+					"name":"ffmpeg-4.2.4-14.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-4.2.4-14.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-14.oe2203sp3.x86_64",
+					"name":"ffmpeg-4.2.4-14.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-14.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-14.oe2203sp3.x86_64",
+					"name":"ffmpeg-debuginfo-4.2.4-14.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-debugsource-4.2.4-14.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-14.oe2203sp3.x86_64",
+					"name":"ffmpeg-debugsource-4.2.4-14.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-devel-4.2.4-14.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-14.oe2203sp3.x86_64",
+					"name":"ffmpeg-devel-4.2.4-14.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-libs-4.2.4-14.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-14.oe2203sp3.x86_64",
+					"name":"ffmpeg-libs-4.2.4-14.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"libavdevice-4.2.4-14.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-14.oe2203sp3.x86_64",
+					"name":"libavdevice-4.2.4-14.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2021-28429",
+			"notes":[
+				{
+					"text":"Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-14.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-14.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-14.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-14.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-14.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-14.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-14.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-14.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-14.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-14.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-14.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-14.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-14.oe2203sp3.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-14.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-14.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-14.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-14.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-14.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-14.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-14.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-14.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-14.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-14.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-14.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-14.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-14.oe2203sp3.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1833"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.5,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-14.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-14.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-14.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-14.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-14.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-14.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-14.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-14.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-14.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-14.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-14.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-14.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-14.oe2203sp3.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2021-28429"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1834.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1834.json
@ -0,0 +1,489 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"ffmpeg security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-20.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\n\nSecurity Fix(es):\n\nInteger overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.(CVE-2021-28429)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"ffmpeg",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1834",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1834"
+			},
+			{
+				"summary":"CVE-2021-28429",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-28429&packageName=ffmpeg"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28429"
+			},
+			{
+				"summary":"openEuler-SA-2024-1834 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1834.json"
+			}
+		],
+		"title":"An update for ffmpeg is now available for openEuler-20.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:12+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:12+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:12+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:12+08:00",
+			"id":"openEuler-SA-2024-1834",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"openEuler-20.03-LTS-SP4",
+									"name":"openEuler-20.03-LTS-SP4"
+								},
+								"name":"openEuler-20.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-4.2.4-15.oe2003sp4.aarch64.rpm",
+									"name":"ffmpeg-4.2.4-15.oe2003sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-15.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-15.oe2003sp4.aarch64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-15.oe2003sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-15.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-15.oe2003sp4.aarch64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-15.oe2003sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-15.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-15.oe2003sp4.aarch64.rpm",
+									"name":"ffmpeg-devel-4.2.4-15.oe2003sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-15.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-15.oe2003sp4.aarch64.rpm",
+									"name":"ffmpeg-libs-4.2.4-15.oe2003sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-15.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"libavdevice-4.2.4-15.oe2003sp4.aarch64.rpm",
+									"name":"libavdevice-4.2.4-15.oe2003sp4.aarch64.rpm"
+								},
+								"name":"libavdevice-4.2.4-15.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-4.2.4-15.oe2003sp4.src.rpm",
+									"name":"ffmpeg-4.2.4-15.oe2003sp4.src.rpm"
+								},
+								"name":"ffmpeg-4.2.4-15.oe2003sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-4.2.4-15.oe2003sp4.x86_64.rpm",
+									"name":"ffmpeg-4.2.4-15.oe2003sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-15.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-15.oe2003sp4.x86_64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-15.oe2003sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-15.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-15.oe2003sp4.x86_64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-15.oe2003sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-15.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-15.oe2003sp4.x86_64.rpm",
+									"name":"ffmpeg-devel-4.2.4-15.oe2003sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-15.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-15.oe2003sp4.x86_64.rpm",
+									"name":"ffmpeg-libs-4.2.4-15.oe2003sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-15.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"libavdevice-4.2.4-15.oe2003sp4.x86_64.rpm",
+									"name":"libavdevice-4.2.4-15.oe2003sp4.x86_64.rpm"
+								},
+								"name":"libavdevice-4.2.4-15.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-4.2.4-15.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-15.oe2003sp4.aarch64",
+					"name":"ffmpeg-4.2.4-15.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-15.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-15.oe2003sp4.aarch64",
+					"name":"ffmpeg-debuginfo-4.2.4-15.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-debugsource-4.2.4-15.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-15.oe2003sp4.aarch64",
+					"name":"ffmpeg-debugsource-4.2.4-15.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-devel-4.2.4-15.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-15.oe2003sp4.aarch64",
+					"name":"ffmpeg-devel-4.2.4-15.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-libs-4.2.4-15.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-15.oe2003sp4.aarch64",
+					"name":"ffmpeg-libs-4.2.4-15.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"libavdevice-4.2.4-15.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-15.oe2003sp4.aarch64",
+					"name":"libavdevice-4.2.4-15.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-4.2.4-15.oe2003sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-15.oe2003sp4.src",
+					"name":"ffmpeg-4.2.4-15.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-4.2.4-15.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-15.oe2003sp4.x86_64",
+					"name":"ffmpeg-4.2.4-15.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-15.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-15.oe2003sp4.x86_64",
+					"name":"ffmpeg-debuginfo-4.2.4-15.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-debugsource-4.2.4-15.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-15.oe2003sp4.x86_64",
+					"name":"ffmpeg-debugsource-4.2.4-15.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-devel-4.2.4-15.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-15.oe2003sp4.x86_64",
+					"name":"ffmpeg-devel-4.2.4-15.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-libs-4.2.4-15.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-15.oe2003sp4.x86_64",
+					"name":"ffmpeg-libs-4.2.4-15.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"libavdevice-4.2.4-15.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-15.oe2003sp4.x86_64",
+					"name":"libavdevice-4.2.4-15.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2021-28429",
+			"notes":[
+				{
+					"text":"Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-15.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-15.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-15.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-15.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-15.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-15.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-15.oe2003sp4.src",
+					"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-15.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-15.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-15.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-15.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-15.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-15.oe2003sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-15.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-15.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-15.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-15.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-15.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-15.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-15.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-15.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-15.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-15.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-15.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-15.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-15.oe2003sp4.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1834"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.5,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-15.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-15.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-15.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-15.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-15.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-15.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-15.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-15.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-15.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-15.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-15.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-15.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-15.oe2003sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2021-28429"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1835.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1835.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1836.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1836.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1837.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1837.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1838.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1838.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1839.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1839.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1840.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1840.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1841.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1841.json
@ -0,0 +1,426 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"exiv2 security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for exiv2 is now available for openEuler-24.03-LTS",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats.\n\nSecurity Fix(es):\n\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.(CVE-2024-39695)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for exiv2 is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"exiv2",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1841",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1841"
+			},
+			{
+				"summary":"CVE-2024-39695",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-39695&packageName=exiv2"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39695"
+			},
+			{
+				"summary":"openEuler-SA-2024-1841 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1841.json"
+			}
+		],
+		"title":"An update for exiv2 is now available for openEuler-24.03-LTS",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:22+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:22+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:22+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:22+08:00",
+			"id":"openEuler-SA-2024-1841",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"openEuler-24.03-LTS",
+									"name":"openEuler-24.03-LTS"
+								},
+								"name":"openEuler-24.03-LTS",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"exiv2-0.28.2-2.oe2403.aarch64.rpm",
+									"name":"exiv2-0.28.2-2.oe2403.aarch64.rpm"
+								},
+								"name":"exiv2-0.28.2-2.oe2403.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"exiv2-debuginfo-0.28.2-2.oe2403.aarch64.rpm",
+									"name":"exiv2-debuginfo-0.28.2-2.oe2403.aarch64.rpm"
+								},
+								"name":"exiv2-debuginfo-0.28.2-2.oe2403.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"exiv2-debugsource-0.28.2-2.oe2403.aarch64.rpm",
+									"name":"exiv2-debugsource-0.28.2-2.oe2403.aarch64.rpm"
+								},
+								"name":"exiv2-debugsource-0.28.2-2.oe2403.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"exiv2-devel-0.28.2-2.oe2403.aarch64.rpm",
+									"name":"exiv2-devel-0.28.2-2.oe2403.aarch64.rpm"
+								},
+								"name":"exiv2-devel-0.28.2-2.oe2403.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"exiv2-0.28.2-2.oe2403.src.rpm",
+									"name":"exiv2-0.28.2-2.oe2403.src.rpm"
+								},
+								"name":"exiv2-0.28.2-2.oe2403.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"exiv2-0.28.2-2.oe2403.x86_64.rpm",
+									"name":"exiv2-0.28.2-2.oe2403.x86_64.rpm"
+								},
+								"name":"exiv2-0.28.2-2.oe2403.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"exiv2-debuginfo-0.28.2-2.oe2403.x86_64.rpm",
+									"name":"exiv2-debuginfo-0.28.2-2.oe2403.x86_64.rpm"
+								},
+								"name":"exiv2-debuginfo-0.28.2-2.oe2403.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"exiv2-debugsource-0.28.2-2.oe2403.x86_64.rpm",
+									"name":"exiv2-debugsource-0.28.2-2.oe2403.x86_64.rpm"
+								},
+								"name":"exiv2-debugsource-0.28.2-2.oe2403.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"exiv2-devel-0.28.2-2.oe2403.x86_64.rpm",
+									"name":"exiv2-devel-0.28.2-2.oe2403.x86_64.rpm"
+								},
+								"name":"exiv2-devel-0.28.2-2.oe2403.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"exiv2-help-0.28.2-2.oe2403.noarch.rpm",
+									"name":"exiv2-help-0.28.2-2.oe2403.noarch.rpm"
+								},
+								"name":"exiv2-help-0.28.2-2.oe2403.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"exiv2-0.28.2-2.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:exiv2-0.28.2-2.oe2403.aarch64",
+					"name":"exiv2-0.28.2-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"exiv2-debuginfo-0.28.2-2.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:exiv2-debuginfo-0.28.2-2.oe2403.aarch64",
+					"name":"exiv2-debuginfo-0.28.2-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"exiv2-debugsource-0.28.2-2.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:exiv2-debugsource-0.28.2-2.oe2403.aarch64",
+					"name":"exiv2-debugsource-0.28.2-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"exiv2-devel-0.28.2-2.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:exiv2-devel-0.28.2-2.oe2403.aarch64",
+					"name":"exiv2-devel-0.28.2-2.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"exiv2-0.28.2-2.oe2403.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:exiv2-0.28.2-2.oe2403.src",
+					"name":"exiv2-0.28.2-2.oe2403.src as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"exiv2-0.28.2-2.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:exiv2-0.28.2-2.oe2403.x86_64",
+					"name":"exiv2-0.28.2-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"exiv2-debuginfo-0.28.2-2.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:exiv2-debuginfo-0.28.2-2.oe2403.x86_64",
+					"name":"exiv2-debuginfo-0.28.2-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"exiv2-debugsource-0.28.2-2.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:exiv2-debugsource-0.28.2-2.oe2403.x86_64",
+					"name":"exiv2-debugsource-0.28.2-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"exiv2-devel-0.28.2-2.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:exiv2-devel-0.28.2-2.oe2403.x86_64",
+					"name":"exiv2-devel-0.28.2-2.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"exiv2-help-0.28.2-2.oe2403.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:exiv2-help-0.28.2-2.oe2403.noarch",
+					"name":"exiv2-help-0.28.2-2.oe2403.noarch as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-39695",
+			"notes":[
+				{
+					"text":"Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-24.03-LTS:exiv2-0.28.2-2.oe2403.aarch64",
+					"openEuler-24.03-LTS:exiv2-debuginfo-0.28.2-2.oe2403.aarch64",
+					"openEuler-24.03-LTS:exiv2-debugsource-0.28.2-2.oe2403.aarch64",
+					"openEuler-24.03-LTS:exiv2-devel-0.28.2-2.oe2403.aarch64",
+					"openEuler-24.03-LTS:exiv2-0.28.2-2.oe2403.src",
+					"openEuler-24.03-LTS:exiv2-0.28.2-2.oe2403.x86_64",
+					"openEuler-24.03-LTS:exiv2-debuginfo-0.28.2-2.oe2403.x86_64",
+					"openEuler-24.03-LTS:exiv2-debugsource-0.28.2-2.oe2403.x86_64",
+					"openEuler-24.03-LTS:exiv2-devel-0.28.2-2.oe2403.x86_64",
+					"openEuler-24.03-LTS:exiv2-help-0.28.2-2.oe2403.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-24.03-LTS:exiv2-0.28.2-2.oe2403.aarch64",
+						"openEuler-24.03-LTS:exiv2-debuginfo-0.28.2-2.oe2403.aarch64",
+						"openEuler-24.03-LTS:exiv2-debugsource-0.28.2-2.oe2403.aarch64",
+						"openEuler-24.03-LTS:exiv2-devel-0.28.2-2.oe2403.aarch64",
+						"openEuler-24.03-LTS:exiv2-0.28.2-2.oe2403.src",
+						"openEuler-24.03-LTS:exiv2-0.28.2-2.oe2403.x86_64",
+						"openEuler-24.03-LTS:exiv2-debuginfo-0.28.2-2.oe2403.x86_64",
+						"openEuler-24.03-LTS:exiv2-debugsource-0.28.2-2.oe2403.x86_64",
+						"openEuler-24.03-LTS:exiv2-devel-0.28.2-2.oe2403.x86_64",
+						"openEuler-24.03-LTS:exiv2-help-0.28.2-2.oe2403.noarch"
+					],
+					"details":"exiv2 security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1841"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.3,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-24.03-LTS:exiv2-0.28.2-2.oe2403.aarch64",
+						"openEuler-24.03-LTS:exiv2-debuginfo-0.28.2-2.oe2403.aarch64",
+						"openEuler-24.03-LTS:exiv2-debugsource-0.28.2-2.oe2403.aarch64",
+						"openEuler-24.03-LTS:exiv2-devel-0.28.2-2.oe2403.aarch64",
+						"openEuler-24.03-LTS:exiv2-0.28.2-2.oe2403.src",
+						"openEuler-24.03-LTS:exiv2-0.28.2-2.oe2403.x86_64",
+						"openEuler-24.03-LTS:exiv2-debuginfo-0.28.2-2.oe2403.x86_64",
+						"openEuler-24.03-LTS:exiv2-debugsource-0.28.2-2.oe2403.x86_64",
+						"openEuler-24.03-LTS:exiv2-devel-0.28.2-2.oe2403.x86_64",
+						"openEuler-24.03-LTS:exiv2-help-0.28.2-2.oe2403.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-39695"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1842.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1842.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1843.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1843.json
@ -0,0 +1,886 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"glibc security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for glibc is now available for openEuler-20.03-LTS-SP4.",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt,  login, exit and more.\n\nSecurity Fix(es):\n\nThe iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n(CVE-2024-2961)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for glibc is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"glibc",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1843",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1843"
+			},
+			{
+				"summary":"CVE-2024-2961",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-2961&packageName=glibc"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2961"
+			},
+			{
+				"summary":"openEuler-SA-2024-1843 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1843.json"
+			}
+		],
+		"title":"An update for glibc is now available for openEuler-20.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:25+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:25+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:25+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:25+08:00",
+			"id":"openEuler-SA-2024-1843",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"openEuler-20.03-LTS-SP4",
+									"name":"openEuler-20.03-LTS-SP4"
+								},
+								"name":"openEuler-20.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"glibc-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"glibc-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-debuginfo-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"glibc-debuginfo-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"glibc-debuginfo-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-debugutils-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"glibc-debugutils-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"glibc-debugutils-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"libnsl-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"libnsl-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"libnsl-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"nscd-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"nscd-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"nscd-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-benchtests-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"glibc-benchtests-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"glibc-benchtests-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"nss_modules-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"nss_modules-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"nss_modules-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-nss-devel-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"glibc-nss-devel-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"glibc-nss-devel-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-debugsource-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"glibc-debugsource-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"glibc-debugsource-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-all-langpacks-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"glibc-all-langpacks-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"glibc-all-langpacks-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-locale-source-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"glibc-locale-source-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"glibc-locale-source-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-common-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"glibc-common-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"glibc-common-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-compat-2.17-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"glibc-compat-2.17-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"glibc-compat-2.17-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-devel-2.28-101.oe2003sp4.aarch64.rpm",
+									"name":"glibc-devel-2.28-101.oe2003sp4.aarch64.rpm"
+								},
+								"name":"glibc-devel-2.28-101.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-help-2.28-101.oe2003sp4.noarch.rpm",
+									"name":"glibc-help-2.28-101.oe2003sp4.noarch.rpm"
+								},
+								"name":"glibc-help-2.28-101.oe2003sp4.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-2.28-101.oe2003sp4.src.rpm",
+									"name":"glibc-2.28-101.oe2003sp4.src.rpm"
+								},
+								"name":"glibc-2.28-101.oe2003sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"glibc-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"glibc-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-devel-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"glibc-devel-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"glibc-devel-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-nss-devel-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"glibc-nss-devel-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"glibc-nss-devel-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-locale-source-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"glibc-locale-source-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"glibc-locale-source-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"nscd-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"nscd-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"nscd-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-common-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"glibc-common-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"glibc-common-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-debugutils-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"glibc-debugutils-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"glibc-debugutils-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-all-langpacks-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"glibc-all-langpacks-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"glibc-all-langpacks-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"nss_modules-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"nss_modules-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"nss_modules-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-debuginfo-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"glibc-debuginfo-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"glibc-debuginfo-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-compat-2.17-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"glibc-compat-2.17-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"glibc-compat-2.17-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"libnsl-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"libnsl-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"libnsl-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-benchtests-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"glibc-benchtests-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"glibc-benchtests-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"glibc-debugsource-2.28-101.oe2003sp4.x86_64.rpm",
+									"name":"glibc-debugsource-2.28-101.oe2003sp4.x86_64.rpm"
+								},
+								"name":"glibc-debugsource-2.28-101.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-2.28-101.oe2003sp4.aarch64",
+					"name":"glibc-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-debuginfo-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-debuginfo-2.28-101.oe2003sp4.aarch64",
+					"name":"glibc-debuginfo-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-debugutils-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-debugutils-2.28-101.oe2003sp4.aarch64",
+					"name":"glibc-debugutils-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"libnsl-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:libnsl-2.28-101.oe2003sp4.aarch64",
+					"name":"libnsl-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"nscd-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:nscd-2.28-101.oe2003sp4.aarch64",
+					"name":"nscd-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-benchtests-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-benchtests-2.28-101.oe2003sp4.aarch64",
+					"name":"glibc-benchtests-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"nss_modules-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:nss_modules-2.28-101.oe2003sp4.aarch64",
+					"name":"nss_modules-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-nss-devel-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-nss-devel-2.28-101.oe2003sp4.aarch64",
+					"name":"glibc-nss-devel-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-debugsource-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-debugsource-2.28-101.oe2003sp4.aarch64",
+					"name":"glibc-debugsource-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-all-langpacks-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-all-langpacks-2.28-101.oe2003sp4.aarch64",
+					"name":"glibc-all-langpacks-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-locale-source-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-locale-source-2.28-101.oe2003sp4.aarch64",
+					"name":"glibc-locale-source-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-common-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-common-2.28-101.oe2003sp4.aarch64",
+					"name":"glibc-common-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-compat-2.17-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-compat-2.17-2.28-101.oe2003sp4.aarch64",
+					"name":"glibc-compat-2.17-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-devel-2.28-101.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-devel-2.28-101.oe2003sp4.aarch64",
+					"name":"glibc-devel-2.28-101.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-help-2.28-101.oe2003sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-help-2.28-101.oe2003sp4.noarch",
+					"name":"glibc-help-2.28-101.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-2.28-101.oe2003sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-2.28-101.oe2003sp4.src",
+					"name":"glibc-2.28-101.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-2.28-101.oe2003sp4.x86_64",
+					"name":"glibc-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-devel-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-devel-2.28-101.oe2003sp4.x86_64",
+					"name":"glibc-devel-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-nss-devel-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-nss-devel-2.28-101.oe2003sp4.x86_64",
+					"name":"glibc-nss-devel-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-locale-source-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-locale-source-2.28-101.oe2003sp4.x86_64",
+					"name":"glibc-locale-source-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"nscd-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:nscd-2.28-101.oe2003sp4.x86_64",
+					"name":"nscd-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-common-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-common-2.28-101.oe2003sp4.x86_64",
+					"name":"glibc-common-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-debugutils-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-debugutils-2.28-101.oe2003sp4.x86_64",
+					"name":"glibc-debugutils-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-all-langpacks-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-all-langpacks-2.28-101.oe2003sp4.x86_64",
+					"name":"glibc-all-langpacks-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"nss_modules-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:nss_modules-2.28-101.oe2003sp4.x86_64",
+					"name":"nss_modules-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-debuginfo-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-debuginfo-2.28-101.oe2003sp4.x86_64",
+					"name":"glibc-debuginfo-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-compat-2.17-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-compat-2.17-2.28-101.oe2003sp4.x86_64",
+					"name":"glibc-compat-2.17-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"libnsl-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:libnsl-2.28-101.oe2003sp4.x86_64",
+					"name":"libnsl-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-benchtests-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-benchtests-2.28-101.oe2003sp4.x86_64",
+					"name":"glibc-benchtests-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"glibc-debugsource-2.28-101.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:glibc-debugsource-2.28-101.oe2003sp4.x86_64",
+					"name":"glibc-debugsource-2.28-101.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-2961",
+			"notes":[
+				{
+					"text":"The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:glibc-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:glibc-debuginfo-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:glibc-debugutils-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:libnsl-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:nscd-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:glibc-benchtests-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:nss_modules-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:glibc-nss-devel-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:glibc-debugsource-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:glibc-all-langpacks-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:glibc-locale-source-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:glibc-common-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:glibc-compat-2.17-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:glibc-devel-2.28-101.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:glibc-help-2.28-101.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:glibc-2.28-101.oe2003sp4.src",
+					"openEuler-20.03-LTS-SP4:glibc-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:glibc-devel-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:glibc-nss-devel-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:glibc-locale-source-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:nscd-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:glibc-common-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:glibc-debugutils-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:glibc-all-langpacks-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:nss_modules-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:glibc-debuginfo-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:glibc-compat-2.17-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:libnsl-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:glibc-benchtests-2.28-101.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:glibc-debugsource-2.28-101.oe2003sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:glibc-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-debuginfo-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-debugutils-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:libnsl-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:nscd-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-benchtests-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:nss_modules-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-nss-devel-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-debugsource-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-all-langpacks-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-locale-source-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-common-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-compat-2.17-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-devel-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-help-2.28-101.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:glibc-2.28-101.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:glibc-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-devel-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-nss-devel-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-locale-source-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:nscd-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-common-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-debugutils-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-all-langpacks-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:nss_modules-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-debuginfo-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-compat-2.17-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:libnsl-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-benchtests-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-debugsource-2.28-101.oe2003sp4.x86_64"
+					],
+					"details":"glibc security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1843"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.8,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:glibc-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-debuginfo-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-debugutils-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:libnsl-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:nscd-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-benchtests-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:nss_modules-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-nss-devel-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-debugsource-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-all-langpacks-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-locale-source-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-common-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-compat-2.17-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-devel-2.28-101.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:glibc-help-2.28-101.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:glibc-2.28-101.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:glibc-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-devel-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-nss-devel-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-locale-source-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:nscd-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-common-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-debugutils-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-all-langpacks-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:nss_modules-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-debuginfo-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-compat-2.17-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:libnsl-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-benchtests-2.28-101.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:glibc-debugsource-2.28-101.oe2003sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-2961"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1844.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1844.json
@ -0,0 +1,886 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"glibc security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for glibc is now available for openEuler-22.03-LTS-SP1.",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt,  login, exit and more.\n\nSecurity Fix(es):\n\nThe iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n(CVE-2024-2961)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for glibc is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"glibc",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1844",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1844"
+			},
+			{
+				"summary":"CVE-2024-2961",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-2961&packageName=glibc"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2961"
+			},
+			{
+				"summary":"openEuler-SA-2024-1844 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1844.json"
+			}
+		],
+		"title":"An update for glibc is now available for openEuler-22.03-LTS-SP1",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:26+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:26+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:26+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:26+08:00",
+			"id":"openEuler-SA-2024-1844",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openEuler-22.03-LTS-SP1",
+									"name":"openEuler-22.03-LTS-SP1"
+								},
+								"name":"openEuler-22.03-LTS-SP1",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-nss-devel-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"glibc-nss-devel-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"glibc-nss-devel-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-devel-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"glibc-devel-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"glibc-devel-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"nscd-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"nscd-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"nscd-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"nss_modules-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"nss_modules-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"nss_modules-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"glibc-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"glibc-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-locale-source-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"glibc-locale-source-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"glibc-locale-source-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-debuginfo-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"glibc-debuginfo-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"glibc-debuginfo-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-common-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"glibc-common-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"glibc-common-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-all-langpacks-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"glibc-all-langpacks-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"glibc-all-langpacks-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-compat-2.17-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"glibc-compat-2.17-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"glibc-compat-2.17-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-locale-archive-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"glibc-locale-archive-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"glibc-locale-archive-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"libnsl-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"libnsl-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"libnsl-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-debugsource-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"glibc-debugsource-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"glibc-debugsource-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-debugutils-2.34-150.oe2203sp1.aarch64.rpm",
+									"name":"glibc-debugutils-2.34-150.oe2203sp1.aarch64.rpm"
+								},
+								"name":"glibc-debugutils-2.34-150.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-help-2.34-150.oe2203sp1.noarch.rpm",
+									"name":"glibc-help-2.34-150.oe2203sp1.noarch.rpm"
+								},
+								"name":"glibc-help-2.34-150.oe2203sp1.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-2.34-150.oe2203sp1.src.rpm",
+									"name":"glibc-2.34-150.oe2203sp1.src.rpm"
+								},
+								"name":"glibc-2.34-150.oe2203sp1.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-all-langpacks-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"glibc-all-langpacks-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"glibc-all-langpacks-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-locale-archive-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"glibc-locale-archive-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"glibc-locale-archive-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-devel-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"glibc-devel-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"glibc-devel-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-debugutils-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"glibc-debugutils-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"glibc-debugutils-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-debuginfo-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"glibc-debuginfo-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"glibc-debuginfo-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-common-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"glibc-common-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"glibc-common-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-compat-2.17-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"glibc-compat-2.17-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"glibc-compat-2.17-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"glibc-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"glibc-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-debugsource-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"glibc-debugsource-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"glibc-debugsource-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"nscd-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"nscd-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"nscd-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"libnsl-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"libnsl-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"libnsl-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-locale-source-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"glibc-locale-source-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"glibc-locale-source-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"glibc-nss-devel-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"glibc-nss-devel-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"glibc-nss-devel-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"nss_modules-2.34-150.oe2203sp1.x86_64.rpm",
+									"name":"nss_modules-2.34-150.oe2203sp1.x86_64.rpm"
+								},
+								"name":"nss_modules-2.34-150.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-nss-devel-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-nss-devel-2.34-150.oe2203sp1.aarch64",
+					"name":"glibc-nss-devel-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-devel-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-devel-2.34-150.oe2203sp1.aarch64",
+					"name":"glibc-devel-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"nscd-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:nscd-2.34-150.oe2203sp1.aarch64",
+					"name":"nscd-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"nss_modules-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:nss_modules-2.34-150.oe2203sp1.aarch64",
+					"name":"nss_modules-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-2.34-150.oe2203sp1.aarch64",
+					"name":"glibc-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-locale-source-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-locale-source-2.34-150.oe2203sp1.aarch64",
+					"name":"glibc-locale-source-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-debuginfo-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-debuginfo-2.34-150.oe2203sp1.aarch64",
+					"name":"glibc-debuginfo-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-common-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-common-2.34-150.oe2203sp1.aarch64",
+					"name":"glibc-common-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-all-langpacks-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-all-langpacks-2.34-150.oe2203sp1.aarch64",
+					"name":"glibc-all-langpacks-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-compat-2.17-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-compat-2.17-2.34-150.oe2203sp1.aarch64",
+					"name":"glibc-compat-2.17-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-locale-archive-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-locale-archive-2.34-150.oe2203sp1.aarch64",
+					"name":"glibc-locale-archive-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"libnsl-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:libnsl-2.34-150.oe2203sp1.aarch64",
+					"name":"libnsl-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-debugsource-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-debugsource-2.34-150.oe2203sp1.aarch64",
+					"name":"glibc-debugsource-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-debugutils-2.34-150.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-debugutils-2.34-150.oe2203sp1.aarch64",
+					"name":"glibc-debugutils-2.34-150.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-help-2.34-150.oe2203sp1.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-help-2.34-150.oe2203sp1.noarch",
+					"name":"glibc-help-2.34-150.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-2.34-150.oe2203sp1.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-2.34-150.oe2203sp1.src",
+					"name":"glibc-2.34-150.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-all-langpacks-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-all-langpacks-2.34-150.oe2203sp1.x86_64",
+					"name":"glibc-all-langpacks-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-locale-archive-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-locale-archive-2.34-150.oe2203sp1.x86_64",
+					"name":"glibc-locale-archive-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-devel-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-devel-2.34-150.oe2203sp1.x86_64",
+					"name":"glibc-devel-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-debugutils-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-debugutils-2.34-150.oe2203sp1.x86_64",
+					"name":"glibc-debugutils-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-debuginfo-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-debuginfo-2.34-150.oe2203sp1.x86_64",
+					"name":"glibc-debuginfo-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-common-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-common-2.34-150.oe2203sp1.x86_64",
+					"name":"glibc-common-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-compat-2.17-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-compat-2.17-2.34-150.oe2203sp1.x86_64",
+					"name":"glibc-compat-2.17-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-2.34-150.oe2203sp1.x86_64",
+					"name":"glibc-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-debugsource-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-debugsource-2.34-150.oe2203sp1.x86_64",
+					"name":"glibc-debugsource-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"nscd-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:nscd-2.34-150.oe2203sp1.x86_64",
+					"name":"nscd-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"libnsl-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:libnsl-2.34-150.oe2203sp1.x86_64",
+					"name":"libnsl-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-locale-source-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-locale-source-2.34-150.oe2203sp1.x86_64",
+					"name":"glibc-locale-source-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"glibc-nss-devel-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:glibc-nss-devel-2.34-150.oe2203sp1.x86_64",
+					"name":"glibc-nss-devel-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"nss_modules-2.34-150.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:nss_modules-2.34-150.oe2203sp1.x86_64",
+					"name":"nss_modules-2.34-150.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-2961",
+			"notes":[
+				{
+					"text":"The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:glibc-nss-devel-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:glibc-devel-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:nscd-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:nss_modules-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:glibc-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:glibc-locale-source-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:glibc-debuginfo-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:glibc-common-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:glibc-all-langpacks-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:glibc-compat-2.17-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:glibc-locale-archive-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:libnsl-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:glibc-debugsource-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:glibc-debugutils-2.34-150.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:glibc-help-2.34-150.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:glibc-2.34-150.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP1:glibc-all-langpacks-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:glibc-locale-archive-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:glibc-devel-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:glibc-debugutils-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:glibc-debuginfo-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:glibc-common-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:glibc-compat-2.17-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:glibc-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:glibc-debugsource-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:nscd-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:libnsl-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:glibc-locale-source-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:glibc-nss-devel-2.34-150.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:nss_modules-2.34-150.oe2203sp1.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:glibc-nss-devel-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-devel-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:nscd-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:nss_modules-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-locale-source-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-debuginfo-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-common-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-all-langpacks-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-compat-2.17-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-locale-archive-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:libnsl-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-debugsource-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-debugutils-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-help-2.34-150.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:glibc-2.34-150.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:glibc-all-langpacks-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-locale-archive-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-devel-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-debugutils-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-debuginfo-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-common-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-compat-2.17-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-debugsource-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:nscd-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:libnsl-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-locale-source-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-nss-devel-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:nss_modules-2.34-150.oe2203sp1.x86_64"
+					],
+					"details":"glibc security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1844"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.8,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:glibc-nss-devel-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-devel-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:nscd-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:nss_modules-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-locale-source-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-debuginfo-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-common-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-all-langpacks-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-compat-2.17-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-locale-archive-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:libnsl-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-debugsource-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-debugutils-2.34-150.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:glibc-help-2.34-150.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:glibc-2.34-150.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:glibc-all-langpacks-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-locale-archive-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-devel-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-debugutils-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-debuginfo-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-common-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-compat-2.17-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-debugsource-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:nscd-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:libnsl-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-locale-source-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:glibc-nss-devel-2.34-150.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:nss_modules-2.34-150.oe2203sp1.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-2961"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1845.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1845.json
@ -0,0 +1,886 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"glibc security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for glibc is now available for openEuler-22.03-LTS-SP3.",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt,  login, exit and more.\n\nSecurity Fix(es):\n\nThe iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.\n(CVE-2024-2961)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for glibc is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"glibc",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1845",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1845"
+			},
+			{
+				"summary":"CVE-2024-2961",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-2961&packageName=glibc"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2961"
+			},
+			{
+				"summary":"openEuler-SA-2024-1845 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1845.json"
+			}
+		],
+		"title":"An update for glibc is now available for openEuler-22.03-LTS-SP3",
+		"tracking":{
+			"initial_release_date":"2024-07-12T22:52:27+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-12T22:52:27+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-12T22:52:27+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-12T22:52:27+08:00",
+			"id":"openEuler-SA-2024-1845",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openEuler-22.03-LTS-SP3",
+									"name":"openEuler-22.03-LTS-SP3"
+								},
+								"name":"openEuler-22.03-LTS-SP3",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"nss_modules-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"nss_modules-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"nss_modules-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-debuginfo-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"glibc-debuginfo-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"glibc-debuginfo-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-locale-archive-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"glibc-locale-archive-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"glibc-locale-archive-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-all-langpacks-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"glibc-all-langpacks-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"glibc-all-langpacks-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"glibc-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"glibc-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-devel-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"glibc-devel-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"glibc-devel-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-debugsource-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"glibc-debugsource-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"glibc-debugsource-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"libnsl-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"libnsl-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"libnsl-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-debugutils-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"glibc-debugutils-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"glibc-debugutils-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-nss-devel-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"glibc-nss-devel-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"glibc-nss-devel-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-locale-source-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"glibc-locale-source-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"glibc-locale-source-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-compat-2.17-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"glibc-compat-2.17-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"glibc-compat-2.17-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"nscd-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"nscd-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"nscd-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-common-2.34-150.oe2203sp3.aarch64.rpm",
+									"name":"glibc-common-2.34-150.oe2203sp3.aarch64.rpm"
+								},
+								"name":"glibc-common-2.34-150.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-help-2.34-150.oe2203sp3.noarch.rpm",
+									"name":"glibc-help-2.34-150.oe2203sp3.noarch.rpm"
+								},
+								"name":"glibc-help-2.34-150.oe2203sp3.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-2.34-150.oe2203sp3.src.rpm",
+									"name":"glibc-2.34-150.oe2203sp3.src.rpm"
+								},
+								"name":"glibc-2.34-150.oe2203sp3.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-compat-2.17-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"glibc-compat-2.17-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"glibc-compat-2.17-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-debuginfo-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"glibc-debuginfo-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"glibc-debuginfo-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-debugutils-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"glibc-debugutils-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"glibc-debugutils-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"nss_modules-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"nss_modules-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"nss_modules-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-all-langpacks-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"glibc-all-langpacks-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"glibc-all-langpacks-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-locale-source-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"glibc-locale-source-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"glibc-locale-source-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"nscd-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"nscd-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"nscd-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"glibc-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"glibc-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-common-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"glibc-common-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"glibc-common-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-locale-archive-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"glibc-locale-archive-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"glibc-locale-archive-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-debugsource-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"glibc-debugsource-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"glibc-debugsource-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"libnsl-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"libnsl-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"libnsl-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-devel-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"glibc-devel-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"glibc-devel-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"glibc-nss-devel-2.34-150.oe2203sp3.x86_64.rpm",
+									"name":"glibc-nss-devel-2.34-150.oe2203sp3.x86_64.rpm"
+								},
+								"name":"glibc-nss-devel-2.34-150.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"nss_modules-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:nss_modules-2.34-150.oe2203sp3.aarch64",
+					"name":"nss_modules-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-debuginfo-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-debuginfo-2.34-150.oe2203sp3.aarch64",
+					"name":"glibc-debuginfo-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-locale-archive-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-locale-archive-2.34-150.oe2203sp3.aarch64",
+					"name":"glibc-locale-archive-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-all-langpacks-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-all-langpacks-2.34-150.oe2203sp3.aarch64",
+					"name":"glibc-all-langpacks-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-2.34-150.oe2203sp3.aarch64",
+					"name":"glibc-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-devel-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-devel-2.34-150.oe2203sp3.aarch64",
+					"name":"glibc-devel-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-debugsource-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-debugsource-2.34-150.oe2203sp3.aarch64",
+					"name":"glibc-debugsource-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"libnsl-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:libnsl-2.34-150.oe2203sp3.aarch64",
+					"name":"libnsl-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-debugutils-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-debugutils-2.34-150.oe2203sp3.aarch64",
+					"name":"glibc-debugutils-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-nss-devel-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-nss-devel-2.34-150.oe2203sp3.aarch64",
+					"name":"glibc-nss-devel-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-locale-source-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-locale-source-2.34-150.oe2203sp3.aarch64",
+					"name":"glibc-locale-source-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-compat-2.17-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-compat-2.17-2.34-150.oe2203sp3.aarch64",
+					"name":"glibc-compat-2.17-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"nscd-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:nscd-2.34-150.oe2203sp3.aarch64",
+					"name":"nscd-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-common-2.34-150.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-common-2.34-150.oe2203sp3.aarch64",
+					"name":"glibc-common-2.34-150.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-help-2.34-150.oe2203sp3.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-help-2.34-150.oe2203sp3.noarch",
+					"name":"glibc-help-2.34-150.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-2.34-150.oe2203sp3.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-2.34-150.oe2203sp3.src",
+					"name":"glibc-2.34-150.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-compat-2.17-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-compat-2.17-2.34-150.oe2203sp3.x86_64",
+					"name":"glibc-compat-2.17-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-debuginfo-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-debuginfo-2.34-150.oe2203sp3.x86_64",
+					"name":"glibc-debuginfo-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-debugutils-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-debugutils-2.34-150.oe2203sp3.x86_64",
+					"name":"glibc-debugutils-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"nss_modules-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:nss_modules-2.34-150.oe2203sp3.x86_64",
+					"name":"nss_modules-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-all-langpacks-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-all-langpacks-2.34-150.oe2203sp3.x86_64",
+					"name":"glibc-all-langpacks-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-locale-source-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-locale-source-2.34-150.oe2203sp3.x86_64",
+					"name":"glibc-locale-source-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"nscd-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:nscd-2.34-150.oe2203sp3.x86_64",
+					"name":"nscd-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-2.34-150.oe2203sp3.x86_64",
+					"name":"glibc-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-common-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-common-2.34-150.oe2203sp3.x86_64",
+					"name":"glibc-common-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-locale-archive-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-locale-archive-2.34-150.oe2203sp3.x86_64",
+					"name":"glibc-locale-archive-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-debugsource-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-debugsource-2.34-150.oe2203sp3.x86_64",
+					"name":"glibc-debugsource-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"libnsl-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:libnsl-2.34-150.oe2203sp3.x86_64",
+					"name":"libnsl-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-devel-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-devel-2.34-150.oe2203sp3.x86_64",
+					"name":"glibc-devel-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"glibc-nss-devel-2.34-150.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:glibc-nss-devel-2.34-150.oe2203sp3.x86_64",
+					"name":"glibc-nss-devel-2.34-150.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-2961",
+			"notes":[
+				{
+					"text":"The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:nss_modules-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:glibc-debuginfo-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:glibc-locale-archive-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:glibc-all-langpacks-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:glibc-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:glibc-devel-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:glibc-debugsource-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:libnsl-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:glibc-debugutils-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:glibc-nss-devel-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:glibc-locale-source-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:glibc-compat-2.17-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:nscd-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:glibc-common-2.34-150.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:glibc-help-2.34-150.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:glibc-2.34-150.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:glibc-compat-2.17-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:glibc-debuginfo-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:glibc-debugutils-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:nss_modules-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:glibc-all-langpacks-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:glibc-locale-source-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:nscd-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:glibc-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:glibc-common-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:glibc-locale-archive-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:glibc-debugsource-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:libnsl-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:glibc-devel-2.34-150.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:glibc-nss-devel-2.34-150.oe2203sp3.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:nss_modules-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-debuginfo-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-locale-archive-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-all-langpacks-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-devel-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-debugsource-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:libnsl-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-debugutils-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-nss-devel-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-locale-source-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-compat-2.17-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:nscd-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-common-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-help-2.34-150.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:glibc-2.34-150.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:glibc-compat-2.17-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-debuginfo-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-debugutils-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:nss_modules-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-all-langpacks-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-locale-source-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:nscd-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-common-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-locale-archive-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-debugsource-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:libnsl-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-devel-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-nss-devel-2.34-150.oe2203sp3.x86_64"
+					],
+					"details":"glibc security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1845"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.8,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:nss_modules-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-debuginfo-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-locale-archive-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-all-langpacks-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-devel-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-debugsource-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:libnsl-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-debugutils-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-nss-devel-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-locale-source-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-compat-2.17-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:nscd-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-common-2.34-150.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:glibc-help-2.34-150.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:glibc-2.34-150.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:glibc-compat-2.17-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-debuginfo-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-debugutils-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:nss_modules-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-all-langpacks-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-locale-source-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:nscd-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-common-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-locale-archive-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-debugsource-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:libnsl-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-devel-2.34-150.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:glibc-nss-devel-2.34-150.oe2203sp3.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-2961"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1846.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1846.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1847.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1847.json
@ -0,0 +1,380 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Low"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"mod_http2 security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for mod_http2 is now available for openEuler-24.03-LTS",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Mod_h[ttp]2 is an official Apache httpd module, first released in 2.4.17.  See Apache downloads to get a released version. mod_proxy_h[ttp]2 has been released in 2.4.23.\n\nSecurity Fix(es):\n\nServing WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.(CVE-2024-36387)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for mod_http2 is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Low",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"mod_http2",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1847",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1847"
+			},
+			{
+				"summary":"CVE-2024-36387",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36387&packageName=mod_http2"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36387"
+			},
+			{
+				"summary":"openEuler-SA-2024-1847 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1847.json"
+			}
+		],
+		"title":"An update for mod_http2 is now available for openEuler-24.03-LTS",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:23:44+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:23:44+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:23:44+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:23:44+08:00",
+			"id":"openEuler-SA-2024-1847",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"openEuler-24.03-LTS",
+									"name":"openEuler-24.03-LTS"
+								},
+								"name":"openEuler-24.03-LTS",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"mod_http2-2.0.25-3.oe2403.aarch64.rpm",
+									"name":"mod_http2-2.0.25-3.oe2403.aarch64.rpm"
+								},
+								"name":"mod_http2-2.0.25-3.oe2403.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"mod_http2-debuginfo-2.0.25-3.oe2403.aarch64.rpm",
+									"name":"mod_http2-debuginfo-2.0.25-3.oe2403.aarch64.rpm"
+								},
+								"name":"mod_http2-debuginfo-2.0.25-3.oe2403.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"mod_http2-debugsource-2.0.25-3.oe2403.aarch64.rpm",
+									"name":"mod_http2-debugsource-2.0.25-3.oe2403.aarch64.rpm"
+								},
+								"name":"mod_http2-debugsource-2.0.25-3.oe2403.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"mod_http2-2.0.25-3.oe2403.src.rpm",
+									"name":"mod_http2-2.0.25-3.oe2403.src.rpm"
+								},
+								"name":"mod_http2-2.0.25-3.oe2403.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"mod_http2-2.0.25-3.oe2403.x86_64.rpm",
+									"name":"mod_http2-2.0.25-3.oe2403.x86_64.rpm"
+								},
+								"name":"mod_http2-2.0.25-3.oe2403.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"mod_http2-debuginfo-2.0.25-3.oe2403.x86_64.rpm",
+									"name":"mod_http2-debuginfo-2.0.25-3.oe2403.x86_64.rpm"
+								},
+								"name":"mod_http2-debuginfo-2.0.25-3.oe2403.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"mod_http2-debugsource-2.0.25-3.oe2403.x86_64.rpm",
+									"name":"mod_http2-debugsource-2.0.25-3.oe2403.x86_64.rpm"
+								},
+								"name":"mod_http2-debugsource-2.0.25-3.oe2403.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"mod_http2-help-2.0.25-3.oe2403.noarch.rpm",
+									"name":"mod_http2-help-2.0.25-3.oe2403.noarch.rpm"
+								},
+								"name":"mod_http2-help-2.0.25-3.oe2403.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"mod_http2-2.0.25-3.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:mod_http2-2.0.25-3.oe2403.aarch64",
+					"name":"mod_http2-2.0.25-3.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"mod_http2-debuginfo-2.0.25-3.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:mod_http2-debuginfo-2.0.25-3.oe2403.aarch64",
+					"name":"mod_http2-debuginfo-2.0.25-3.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"mod_http2-debugsource-2.0.25-3.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:mod_http2-debugsource-2.0.25-3.oe2403.aarch64",
+					"name":"mod_http2-debugsource-2.0.25-3.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"mod_http2-2.0.25-3.oe2403.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:mod_http2-2.0.25-3.oe2403.src",
+					"name":"mod_http2-2.0.25-3.oe2403.src as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"mod_http2-2.0.25-3.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:mod_http2-2.0.25-3.oe2403.x86_64",
+					"name":"mod_http2-2.0.25-3.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"mod_http2-debuginfo-2.0.25-3.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:mod_http2-debuginfo-2.0.25-3.oe2403.x86_64",
+					"name":"mod_http2-debuginfo-2.0.25-3.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"mod_http2-debugsource-2.0.25-3.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:mod_http2-debugsource-2.0.25-3.oe2403.x86_64",
+					"name":"mod_http2-debugsource-2.0.25-3.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"mod_http2-help-2.0.25-3.oe2403.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:mod_http2-help-2.0.25-3.oe2403.noarch",
+					"name":"mod_http2-help-2.0.25-3.oe2403.noarch as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-36387",
+			"notes":[
+				{
+					"text":"Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-24.03-LTS:mod_http2-2.0.25-3.oe2403.aarch64",
+					"openEuler-24.03-LTS:mod_http2-debuginfo-2.0.25-3.oe2403.aarch64",
+					"openEuler-24.03-LTS:mod_http2-debugsource-2.0.25-3.oe2403.aarch64",
+					"openEuler-24.03-LTS:mod_http2-2.0.25-3.oe2403.src",
+					"openEuler-24.03-LTS:mod_http2-2.0.25-3.oe2403.x86_64",
+					"openEuler-24.03-LTS:mod_http2-debuginfo-2.0.25-3.oe2403.x86_64",
+					"openEuler-24.03-LTS:mod_http2-debugsource-2.0.25-3.oe2403.x86_64",
+					"openEuler-24.03-LTS:mod_http2-help-2.0.25-3.oe2403.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-24.03-LTS:mod_http2-2.0.25-3.oe2403.aarch64",
+						"openEuler-24.03-LTS:mod_http2-debuginfo-2.0.25-3.oe2403.aarch64",
+						"openEuler-24.03-LTS:mod_http2-debugsource-2.0.25-3.oe2403.aarch64",
+						"openEuler-24.03-LTS:mod_http2-2.0.25-3.oe2403.src",
+						"openEuler-24.03-LTS:mod_http2-2.0.25-3.oe2403.x86_64",
+						"openEuler-24.03-LTS:mod_http2-debuginfo-2.0.25-3.oe2403.x86_64",
+						"openEuler-24.03-LTS:mod_http2-debugsource-2.0.25-3.oe2403.x86_64",
+						"openEuler-24.03-LTS:mod_http2-help-2.0.25-3.oe2403.noarch"
+					],
+					"details":"mod_http2 security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1847"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"LOW",
+						"baseScore":3.7,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-24.03-LTS:mod_http2-2.0.25-3.oe2403.aarch64",
+						"openEuler-24.03-LTS:mod_http2-debuginfo-2.0.25-3.oe2403.aarch64",
+						"openEuler-24.03-LTS:mod_http2-debugsource-2.0.25-3.oe2403.aarch64",
+						"openEuler-24.03-LTS:mod_http2-2.0.25-3.oe2403.src",
+						"openEuler-24.03-LTS:mod_http2-2.0.25-3.oe2403.x86_64",
+						"openEuler-24.03-LTS:mod_http2-debuginfo-2.0.25-3.oe2403.x86_64",
+						"openEuler-24.03-LTS:mod_http2-debugsource-2.0.25-3.oe2403.x86_64",
+						"openEuler-24.03-LTS:mod_http2-help-2.0.25-3.oe2403.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Low",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-36387"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1848.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1848.json
@ -0,0 +1,288 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"arm-trusted-firmware security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for arm-trusted-firmware is now available for openEuler-22.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor.\n\nSecurity Fix(es):\n\nBuffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files  https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C .\n\n\n\n\nIn line 313 \"addr_loaded_cnt\" is checked not to be \"CHECK_IMAGE_AREA_CNT\" (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of \"dst\" will be written to the area immediately after the buffer, which is \"addr_loaded_cnt\". This will allow an attacker to freely control the value of \"addr_loaded_cnt\" and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value (\"len\") they desire.(CVE-2024-6563)\n\nBuffer overflow in \"rcar_dev_init\"  due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.(CVE-2024-6564)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for arm-trusted-firmware is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"arm-trusted-firmware",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1848",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1848"
+			},
+			{
+				"summary":"CVE-2024-6563",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6563&packageName=arm-trusted-firmware"
+			},
+			{
+				"summary":"CVE-2024-6564",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6564&packageName=arm-trusted-firmware"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6563"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6564"
+			},
+			{
+				"summary":"openEuler-SA-2024-1848 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1848.json"
+			}
+		],
+		"title":"An update for arm-trusted-firmware is now available for openEuler-22.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:23:45+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:23:45+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:23:45+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:23:45+08:00",
+			"id":"openEuler-SA-2024-1848",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openEuler-22.03-LTS-SP4",
+									"name":"openEuler-22.03-LTS-SP4"
+								},
+								"name":"openEuler-22.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"arm-trusted-firmware-2.3-5.oe2203sp4.src.rpm",
+									"name":"arm-trusted-firmware-2.3-5.oe2203sp4.src.rpm"
+								},
+								"name":"arm-trusted-firmware-2.3-5.oe2203sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"arm-trusted-firmware-armv8-2.3-5.oe2203sp4.aarch64.rpm",
+									"name":"arm-trusted-firmware-armv8-2.3-5.oe2203sp4.aarch64.rpm"
+								},
+								"name":"arm-trusted-firmware-armv8-2.3-5.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"arm-trusted-firmware-2.3-5.oe2203sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:arm-trusted-firmware-2.3-5.oe2203sp4.src",
+					"name":"arm-trusted-firmware-2.3-5.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"arm-trusted-firmware-armv8-2.3-5.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:arm-trusted-firmware-armv8-2.3-5.oe2203sp4.aarch64",
+					"name":"arm-trusted-firmware-armv8-2.3-5.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-6563",
+			"notes":[
+				{
+					"text":"Buffer Copy without Checking Size of Input ( Classic Buffer Overflow ) vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files  https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C .In line 313  addr_loaded_cnt  is checked not to be  CHECK_IMAGE_AREA_CNT  (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of  dst  will be written to the area immediately after the buffer, which is  addr_loaded_cnt . This will allow an attacker to freely control the value of  addr_loaded_cnt  and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value ( len ) they desire.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:arm-trusted-firmware-2.3-5.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:arm-trusted-firmware-armv8-2.3-5.oe2203sp4.aarch64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:arm-trusted-firmware-2.3-5.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:arm-trusted-firmware-armv8-2.3-5.oe2203sp4.aarch64"
+					],
+					"details":"arm-trusted-firmware security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1848"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.7,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:arm-trusted-firmware-2.3-5.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:arm-trusted-firmware-armv8-2.3-5.oe2203sp4.aarch64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-6563"
+		},
+		{
+			"cve":"CVE-2024-6564",
+			"notes":[
+				{
+					"text":"Buffer overflow in  rcar_dev_init   due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:arm-trusted-firmware-2.3-5.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:arm-trusted-firmware-armv8-2.3-5.oe2203sp4.aarch64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:arm-trusted-firmware-2.3-5.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:arm-trusted-firmware-armv8-2.3-5.oe2203sp4.aarch64"
+					],
+					"details":"arm-trusted-firmware security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1848"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.7,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:arm-trusted-firmware-2.3-5.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:arm-trusted-firmware-armv8-2.3-5.oe2203sp4.aarch64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-6564"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1849.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1849.json
@ -0,0 +1,288 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"arm-trusted-firmware security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for arm-trusted-firmware is now available for openEuler-22.03-LTS-SP1",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor.\n\nSecurity Fix(es):\n\nBuffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files  https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C .\n\n\n\n\nIn line 313 \"addr_loaded_cnt\" is checked not to be \"CHECK_IMAGE_AREA_CNT\" (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of \"dst\" will be written to the area immediately after the buffer, which is \"addr_loaded_cnt\". This will allow an attacker to freely control the value of \"addr_loaded_cnt\" and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value (\"len\") they desire.(CVE-2024-6563)\n\nBuffer overflow in \"rcar_dev_init\"  due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.(CVE-2024-6564)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for arm-trusted-firmware is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"arm-trusted-firmware",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1849",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1849"
+			},
+			{
+				"summary":"CVE-2024-6563",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6563&packageName=arm-trusted-firmware"
+			},
+			{
+				"summary":"CVE-2024-6564",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6564&packageName=arm-trusted-firmware"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6563"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6564"
+			},
+			{
+				"summary":"openEuler-SA-2024-1849 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1849.json"
+			}
+		],
+		"title":"An update for arm-trusted-firmware is now available for openEuler-22.03-LTS-SP1",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:23:46+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:23:46+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:23:46+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:23:46+08:00",
+			"id":"openEuler-SA-2024-1849",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openEuler-22.03-LTS-SP1",
+									"name":"openEuler-22.03-LTS-SP1"
+								},
+								"name":"openEuler-22.03-LTS-SP1",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"arm-trusted-firmware-2.3-5.oe2203sp1.src.rpm",
+									"name":"arm-trusted-firmware-2.3-5.oe2203sp1.src.rpm"
+								},
+								"name":"arm-trusted-firmware-2.3-5.oe2203sp1.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"arm-trusted-firmware-armv8-2.3-5.oe2203sp1.aarch64.rpm",
+									"name":"arm-trusted-firmware-armv8-2.3-5.oe2203sp1.aarch64.rpm"
+								},
+								"name":"arm-trusted-firmware-armv8-2.3-5.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"arm-trusted-firmware-2.3-5.oe2203sp1.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:arm-trusted-firmware-2.3-5.oe2203sp1.src",
+					"name":"arm-trusted-firmware-2.3-5.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"arm-trusted-firmware-armv8-2.3-5.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:arm-trusted-firmware-armv8-2.3-5.oe2203sp1.aarch64",
+					"name":"arm-trusted-firmware-armv8-2.3-5.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-6563",
+			"notes":[
+				{
+					"text":"Buffer Copy without Checking Size of Input ( Classic Buffer Overflow ) vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files  https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C .In line 313  addr_loaded_cnt  is checked not to be  CHECK_IMAGE_AREA_CNT  (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of  dst  will be written to the area immediately after the buffer, which is  addr_loaded_cnt . This will allow an attacker to freely control the value of  addr_loaded_cnt  and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value ( len ) they desire.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:arm-trusted-firmware-2.3-5.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP1:arm-trusted-firmware-armv8-2.3-5.oe2203sp1.aarch64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:arm-trusted-firmware-2.3-5.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:arm-trusted-firmware-armv8-2.3-5.oe2203sp1.aarch64"
+					],
+					"details":"arm-trusted-firmware security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1849"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.7,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:arm-trusted-firmware-2.3-5.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:arm-trusted-firmware-armv8-2.3-5.oe2203sp1.aarch64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-6563"
+		},
+		{
+			"cve":"CVE-2024-6564",
+			"notes":[
+				{
+					"text":"Buffer overflow in  rcar_dev_init   due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:arm-trusted-firmware-2.3-5.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP1:arm-trusted-firmware-armv8-2.3-5.oe2203sp1.aarch64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:arm-trusted-firmware-2.3-5.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:arm-trusted-firmware-armv8-2.3-5.oe2203sp1.aarch64"
+					],
+					"details":"arm-trusted-firmware security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1849"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.7,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:arm-trusted-firmware-2.3-5.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:arm-trusted-firmware-armv8-2.3-5.oe2203sp1.aarch64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-6564"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1850.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1850.json
@ -0,0 +1,288 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"arm-trusted-firmware security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for arm-trusted-firmware is now available for openEuler-22.03-LTS-SP3",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor.\n\nSecurity Fix(es):\n\nBuffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files  https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C .\n\n\n\n\nIn line 313 \"addr_loaded_cnt\" is checked not to be \"CHECK_IMAGE_AREA_CNT\" (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of \"dst\" will be written to the area immediately after the buffer, which is \"addr_loaded_cnt\". This will allow an attacker to freely control the value of \"addr_loaded_cnt\" and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value (\"len\") they desire.(CVE-2024-6563)\n\nBuffer overflow in \"rcar_dev_init\"  due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.(CVE-2024-6564)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for arm-trusted-firmware is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"arm-trusted-firmware",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1850",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1850"
+			},
+			{
+				"summary":"CVE-2024-6563",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6563&packageName=arm-trusted-firmware"
+			},
+			{
+				"summary":"CVE-2024-6564",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6564&packageName=arm-trusted-firmware"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6563"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6564"
+			},
+			{
+				"summary":"openEuler-SA-2024-1850 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1850.json"
+			}
+		],
+		"title":"An update for arm-trusted-firmware is now available for openEuler-22.03-LTS-SP3",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:23:48+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:23:48+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:23:48+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:23:48+08:00",
+			"id":"openEuler-SA-2024-1850",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openEuler-22.03-LTS-SP3",
+									"name":"openEuler-22.03-LTS-SP3"
+								},
+								"name":"openEuler-22.03-LTS-SP3",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"arm-trusted-firmware-2.3-5.oe2203sp3.src.rpm",
+									"name":"arm-trusted-firmware-2.3-5.oe2203sp3.src.rpm"
+								},
+								"name":"arm-trusted-firmware-2.3-5.oe2203sp3.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"arm-trusted-firmware-armv8-2.3-5.oe2203sp3.aarch64.rpm",
+									"name":"arm-trusted-firmware-armv8-2.3-5.oe2203sp3.aarch64.rpm"
+								},
+								"name":"arm-trusted-firmware-armv8-2.3-5.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"arm-trusted-firmware-2.3-5.oe2203sp3.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:arm-trusted-firmware-2.3-5.oe2203sp3.src",
+					"name":"arm-trusted-firmware-2.3-5.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"arm-trusted-firmware-armv8-2.3-5.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:arm-trusted-firmware-armv8-2.3-5.oe2203sp3.aarch64",
+					"name":"arm-trusted-firmware-armv8-2.3-5.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-6563",
+			"notes":[
+				{
+					"text":"Buffer Copy without Checking Size of Input ( Classic Buffer Overflow ) vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files  https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C .In line 313  addr_loaded_cnt  is checked not to be  CHECK_IMAGE_AREA_CNT  (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of  dst  will be written to the area immediately after the buffer, which is  addr_loaded_cnt . This will allow an attacker to freely control the value of  addr_loaded_cnt  and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value ( len ) they desire.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:arm-trusted-firmware-2.3-5.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:arm-trusted-firmware-armv8-2.3-5.oe2203sp3.aarch64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:arm-trusted-firmware-2.3-5.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:arm-trusted-firmware-armv8-2.3-5.oe2203sp3.aarch64"
+					],
+					"details":"arm-trusted-firmware security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1850"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.7,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:arm-trusted-firmware-2.3-5.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:arm-trusted-firmware-armv8-2.3-5.oe2203sp3.aarch64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-6563"
+		},
+		{
+			"cve":"CVE-2024-6564",
+			"notes":[
+				{
+					"text":"Buffer overflow in  rcar_dev_init   due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:arm-trusted-firmware-2.3-5.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:arm-trusted-firmware-armv8-2.3-5.oe2203sp3.aarch64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:arm-trusted-firmware-2.3-5.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:arm-trusted-firmware-armv8-2.3-5.oe2203sp3.aarch64"
+					],
+					"details":"arm-trusted-firmware security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1850"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.7,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:arm-trusted-firmware-2.3-5.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:arm-trusted-firmware-armv8-2.3-5.oe2203sp3.aarch64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-6564"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1851.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1851.json
@ -0,0 +1,288 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"arm-trusted-firmware security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for arm-trusted-firmware is now available for openEuler-24.03-LTS",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor.\n\nSecurity Fix(es):\n\nBuffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files  https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C .\n\n\n\n\nIn line 313 \"addr_loaded_cnt\" is checked not to be \"CHECK_IMAGE_AREA_CNT\" (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of \"dst\" will be written to the area immediately after the buffer, which is \"addr_loaded_cnt\". This will allow an attacker to freely control the value of \"addr_loaded_cnt\" and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value (\"len\") they desire.(CVE-2024-6563)\n\nBuffer overflow in \"rcar_dev_init\"  due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.(CVE-2024-6564)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for arm-trusted-firmware is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"arm-trusted-firmware",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1851",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1851"
+			},
+			{
+				"summary":"CVE-2024-6563",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6563&packageName=arm-trusted-firmware"
+			},
+			{
+				"summary":"CVE-2024-6564",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6564&packageName=arm-trusted-firmware"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6563"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6564"
+			},
+			{
+				"summary":"openEuler-SA-2024-1851 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1851.json"
+			}
+		],
+		"title":"An update for arm-trusted-firmware is now available for openEuler-24.03-LTS",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:23:49+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:23:49+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:23:49+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:23:49+08:00",
+			"id":"openEuler-SA-2024-1851",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"openEuler-24.03-LTS",
+									"name":"openEuler-24.03-LTS"
+								},
+								"name":"openEuler-24.03-LTS",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"arm-trusted-firmware-armv8-2.9-3.oe2403.aarch64.rpm",
+									"name":"arm-trusted-firmware-armv8-2.9-3.oe2403.aarch64.rpm"
+								},
+								"name":"arm-trusted-firmware-armv8-2.9-3.oe2403.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"arm-trusted-firmware-2.9-3.oe2403.src.rpm",
+									"name":"arm-trusted-firmware-2.9-3.oe2403.src.rpm"
+								},
+								"name":"arm-trusted-firmware-2.9-3.oe2403.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"arm-trusted-firmware-armv8-2.9-3.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:arm-trusted-firmware-armv8-2.9-3.oe2403.aarch64",
+					"name":"arm-trusted-firmware-armv8-2.9-3.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"arm-trusted-firmware-2.9-3.oe2403.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:arm-trusted-firmware-2.9-3.oe2403.src",
+					"name":"arm-trusted-firmware-2.9-3.oe2403.src as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-6563",
+			"notes":[
+				{
+					"text":"Buffer Copy without Checking Size of Input ( Classic Buffer Overflow ) vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulnerability is associated with program files  https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/i... https://github.Com/renesas-rcar/arm-trusted-firmware/blob/rcar_gen3_v2.5/drivers/renesas/common/io/io_rcar.C .In line 313  addr_loaded_cnt  is checked not to be  CHECK_IMAGE_AREA_CNT  (5) or larger, this check does not halt the function. Immediately after (line 317) there will be an overflow in the buffer and the value of  dst  will be written to the area immediately after the buffer, which is  addr_loaded_cnt . This will allow an attacker to freely control the value of  addr_loaded_cnt  and thus control the destination of the write immediately after (line 318). The write in line 318 will then be fully controlled by said attacker, with whichever address and whichever value ( len ) they desire.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-24.03-LTS:arm-trusted-firmware-armv8-2.9-3.oe2403.aarch64",
+					"openEuler-24.03-LTS:arm-trusted-firmware-2.9-3.oe2403.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-24.03-LTS:arm-trusted-firmware-armv8-2.9-3.oe2403.aarch64",
+						"openEuler-24.03-LTS:arm-trusted-firmware-2.9-3.oe2403.src"
+					],
+					"details":"arm-trusted-firmware security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1851"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.7,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-24.03-LTS:arm-trusted-firmware-armv8-2.9-3.oe2403.aarch64",
+						"openEuler-24.03-LTS:arm-trusted-firmware-2.9-3.oe2403.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-6563"
+		},
+		{
+			"cve":"CVE-2024-6564",
+			"notes":[
+				{
+					"text":"Buffer overflow in  rcar_dev_init   due to using due to using untrusted data (rcar_image_number) as a loop counter before verifying it against RCAR_MAX_BL3X_IMAGE. This could lead to a full bypass of secure boot.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-24.03-LTS:arm-trusted-firmware-armv8-2.9-3.oe2403.aarch64",
+					"openEuler-24.03-LTS:arm-trusted-firmware-2.9-3.oe2403.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-24.03-LTS:arm-trusted-firmware-armv8-2.9-3.oe2403.aarch64",
+						"openEuler-24.03-LTS:arm-trusted-firmware-2.9-3.oe2403.src"
+					],
+					"details":"arm-trusted-firmware security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1851"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.7,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-24.03-LTS:arm-trusted-firmware-armv8-2.9-3.oe2403.aarch64",
+						"openEuler-24.03-LTS:arm-trusted-firmware-2.9-3.oe2403.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-6564"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1852.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1852.json
@ -0,0 +1,846 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"httpd security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for httpd is now available for openEuler-22.03-LTS-SP3",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\n\nSecurity Fix(es):\n\nSubstitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.(CVE-2024-38474)\n\nnull pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38477)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for httpd is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"httpd",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1852",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1852"
+			},
+			{
+				"summary":"CVE-2024-38474",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38474&packageName=httpd"
+			},
+			{
+				"summary":"CVE-2024-38477",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38477&packageName=httpd"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38474"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38477"
+			},
+			{
+				"summary":"openEuler-SA-2024-1852 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1852.json"
+			}
+		],
+		"title":"An update for httpd is now available for openEuler-22.03-LTS-SP3",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:23:50+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:23:50+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:23:50+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:23:50+08:00",
+			"id":"openEuler-SA-2024-1852",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openEuler-22.03-LTS-SP3",
+									"name":"openEuler-22.03-LTS-SP3"
+								},
+								"name":"openEuler-22.03-LTS-SP3",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-filesystem-2.4.51-22.oe2203sp3.noarch.rpm",
+									"name":"httpd-filesystem-2.4.51-22.oe2203sp3.noarch.rpm"
+								},
+								"name":"httpd-filesystem-2.4.51-22.oe2203sp3.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-help-2.4.51-22.oe2203sp3.noarch.rpm",
+									"name":"httpd-help-2.4.51-22.oe2203sp3.noarch.rpm"
+								},
+								"name":"httpd-help-2.4.51-22.oe2203sp3.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-2.4.51-22.oe2203sp3.aarch64.rpm",
+									"name":"httpd-2.4.51-22.oe2203sp3.aarch64.rpm"
+								},
+								"name":"httpd-2.4.51-22.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64.rpm",
+									"name":"httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64.rpm"
+								},
+								"name":"httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-debugsource-2.4.51-22.oe2203sp3.aarch64.rpm",
+									"name":"httpd-debugsource-2.4.51-22.oe2203sp3.aarch64.rpm"
+								},
+								"name":"httpd-debugsource-2.4.51-22.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-devel-2.4.51-22.oe2203sp3.aarch64.rpm",
+									"name":"httpd-devel-2.4.51-22.oe2203sp3.aarch64.rpm"
+								},
+								"name":"httpd-devel-2.4.51-22.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-tools-2.4.51-22.oe2203sp3.aarch64.rpm",
+									"name":"httpd-tools-2.4.51-22.oe2203sp3.aarch64.rpm"
+								},
+								"name":"httpd-tools-2.4.51-22.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"mod_ldap-2.4.51-22.oe2203sp3.aarch64.rpm",
+									"name":"mod_ldap-2.4.51-22.oe2203sp3.aarch64.rpm"
+								},
+								"name":"mod_ldap-2.4.51-22.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"mod_md-2.4.51-22.oe2203sp3.aarch64.rpm",
+									"name":"mod_md-2.4.51-22.oe2203sp3.aarch64.rpm"
+								},
+								"name":"mod_md-2.4.51-22.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"mod_proxy_html-2.4.51-22.oe2203sp3.aarch64.rpm",
+									"name":"mod_proxy_html-2.4.51-22.oe2203sp3.aarch64.rpm"
+								},
+								"name":"mod_proxy_html-2.4.51-22.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"mod_session-2.4.51-22.oe2203sp3.aarch64.rpm",
+									"name":"mod_session-2.4.51-22.oe2203sp3.aarch64.rpm"
+								},
+								"name":"mod_session-2.4.51-22.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"mod_ssl-2.4.51-22.oe2203sp3.aarch64.rpm",
+									"name":"mod_ssl-2.4.51-22.oe2203sp3.aarch64.rpm"
+								},
+								"name":"mod_ssl-2.4.51-22.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-2.4.51-22.oe2203sp3.src.rpm",
+									"name":"httpd-2.4.51-22.oe2203sp3.src.rpm"
+								},
+								"name":"httpd-2.4.51-22.oe2203sp3.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-2.4.51-22.oe2203sp3.x86_64.rpm",
+									"name":"httpd-2.4.51-22.oe2203sp3.x86_64.rpm"
+								},
+								"name":"httpd-2.4.51-22.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64.rpm",
+									"name":"httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64.rpm"
+								},
+								"name":"httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-debugsource-2.4.51-22.oe2203sp3.x86_64.rpm",
+									"name":"httpd-debugsource-2.4.51-22.oe2203sp3.x86_64.rpm"
+								},
+								"name":"httpd-debugsource-2.4.51-22.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-devel-2.4.51-22.oe2203sp3.x86_64.rpm",
+									"name":"httpd-devel-2.4.51-22.oe2203sp3.x86_64.rpm"
+								},
+								"name":"httpd-devel-2.4.51-22.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"httpd-tools-2.4.51-22.oe2203sp3.x86_64.rpm",
+									"name":"httpd-tools-2.4.51-22.oe2203sp3.x86_64.rpm"
+								},
+								"name":"httpd-tools-2.4.51-22.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"mod_ldap-2.4.51-22.oe2203sp3.x86_64.rpm",
+									"name":"mod_ldap-2.4.51-22.oe2203sp3.x86_64.rpm"
+								},
+								"name":"mod_ldap-2.4.51-22.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"mod_md-2.4.51-22.oe2203sp3.x86_64.rpm",
+									"name":"mod_md-2.4.51-22.oe2203sp3.x86_64.rpm"
+								},
+								"name":"mod_md-2.4.51-22.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"mod_proxy_html-2.4.51-22.oe2203sp3.x86_64.rpm",
+									"name":"mod_proxy_html-2.4.51-22.oe2203sp3.x86_64.rpm"
+								},
+								"name":"mod_proxy_html-2.4.51-22.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"mod_session-2.4.51-22.oe2203sp3.x86_64.rpm",
+									"name":"mod_session-2.4.51-22.oe2203sp3.x86_64.rpm"
+								},
+								"name":"mod_session-2.4.51-22.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"mod_ssl-2.4.51-22.oe2203sp3.x86_64.rpm",
+									"name":"mod_ssl-2.4.51-22.oe2203sp3.x86_64.rpm"
+								},
+								"name":"mod_ssl-2.4.51-22.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-filesystem-2.4.51-22.oe2203sp3.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-filesystem-2.4.51-22.oe2203sp3.noarch",
+					"name":"httpd-filesystem-2.4.51-22.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-help-2.4.51-22.oe2203sp3.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-help-2.4.51-22.oe2203sp3.noarch",
+					"name":"httpd-help-2.4.51-22.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-2.4.51-22.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.aarch64",
+					"name":"httpd-2.4.51-22.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64",
+					"name":"httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-debugsource-2.4.51-22.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.aarch64",
+					"name":"httpd-debugsource-2.4.51-22.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-devel-2.4.51-22.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.aarch64",
+					"name":"httpd-devel-2.4.51-22.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-tools-2.4.51-22.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.aarch64",
+					"name":"httpd-tools-2.4.51-22.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"mod_ldap-2.4.51-22.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.aarch64",
+					"name":"mod_ldap-2.4.51-22.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"mod_md-2.4.51-22.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.aarch64",
+					"name":"mod_md-2.4.51-22.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"mod_proxy_html-2.4.51-22.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.aarch64",
+					"name":"mod_proxy_html-2.4.51-22.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"mod_session-2.4.51-22.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.aarch64",
+					"name":"mod_session-2.4.51-22.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"mod_ssl-2.4.51-22.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.aarch64",
+					"name":"mod_ssl-2.4.51-22.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-2.4.51-22.oe2203sp3.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.src",
+					"name":"httpd-2.4.51-22.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-2.4.51-22.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.x86_64",
+					"name":"httpd-2.4.51-22.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64",
+					"name":"httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-debugsource-2.4.51-22.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.x86_64",
+					"name":"httpd-debugsource-2.4.51-22.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-devel-2.4.51-22.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.x86_64",
+					"name":"httpd-devel-2.4.51-22.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"httpd-tools-2.4.51-22.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.x86_64",
+					"name":"httpd-tools-2.4.51-22.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"mod_ldap-2.4.51-22.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.x86_64",
+					"name":"mod_ldap-2.4.51-22.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"mod_md-2.4.51-22.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.x86_64",
+					"name":"mod_md-2.4.51-22.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"mod_proxy_html-2.4.51-22.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.x86_64",
+					"name":"mod_proxy_html-2.4.51-22.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"mod_session-2.4.51-22.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.x86_64",
+					"name":"mod_session-2.4.51-22.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"mod_ssl-2.4.51-22.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.x86_64",
+					"name":"mod_ssl-2.4.51-22.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-38474",
+			"notes":[
+				{
+					"text":"Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:httpd-filesystem-2.4.51-22.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:httpd-help-2.4.51-22.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:httpd-filesystem-2.4.51-22.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:httpd-help-2.4.51-22.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.x86_64"
+					],
+					"details":"httpd security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1852"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.2,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:httpd-filesystem-2.4.51-22.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:httpd-help-2.4.51-22.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-38474"
+		},
+		{
+			"cve":"CVE-2024-38477",
+			"notes":[
+				{
+					"text":"null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:httpd-filesystem-2.4.51-22.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:httpd-help-2.4.51-22.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:httpd-filesystem-2.4.51-22.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:httpd-help-2.4.51-22.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.x86_64"
+					],
+					"details":"httpd security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1852"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.5,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:httpd-filesystem-2.4.51-22.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:httpd-help-2.4.51-22.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:httpd-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-debuginfo-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-debugsource-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-devel-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:httpd-tools-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_ldap-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_md-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_proxy_html-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_session-2.4.51-22.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:mod_ssl-2.4.51-22.oe2203sp3.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-38477"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1853.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1853.json
@ -0,0 +1,846 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"httpd security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for httpd is now available for openEuler-20.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\n\nSecurity Fix(es):\n\nSubstitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.(CVE-2024-38474)\n\nnull pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38477)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for httpd is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"httpd",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1853",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1853"
+			},
+			{
+				"summary":"CVE-2024-38474",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38474&packageName=httpd"
+			},
+			{
+				"summary":"CVE-2024-38477",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38477&packageName=httpd"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38474"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38477"
+			},
+			{
+				"summary":"openEuler-SA-2024-1853 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1853.json"
+			}
+		],
+		"title":"An update for httpd is now available for openEuler-20.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:23:51+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:23:51+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:23:51+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:23:51+08:00",
+			"id":"openEuler-SA-2024-1853",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"openEuler-20.03-LTS-SP4",
+									"name":"openEuler-20.03-LTS-SP4"
+								},
+								"name":"openEuler-20.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-2.4.43-25.oe2003sp4.x86_64.rpm",
+									"name":"httpd-2.4.43-25.oe2003sp4.x86_64.rpm"
+								},
+								"name":"httpd-2.4.43-25.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64.rpm",
+									"name":"httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64.rpm"
+								},
+								"name":"httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-debugsource-2.4.43-25.oe2003sp4.x86_64.rpm",
+									"name":"httpd-debugsource-2.4.43-25.oe2003sp4.x86_64.rpm"
+								},
+								"name":"httpd-debugsource-2.4.43-25.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-devel-2.4.43-25.oe2003sp4.x86_64.rpm",
+									"name":"httpd-devel-2.4.43-25.oe2003sp4.x86_64.rpm"
+								},
+								"name":"httpd-devel-2.4.43-25.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-tools-2.4.43-25.oe2003sp4.x86_64.rpm",
+									"name":"httpd-tools-2.4.43-25.oe2003sp4.x86_64.rpm"
+								},
+								"name":"httpd-tools-2.4.43-25.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"mod_ldap-2.4.43-25.oe2003sp4.x86_64.rpm",
+									"name":"mod_ldap-2.4.43-25.oe2003sp4.x86_64.rpm"
+								},
+								"name":"mod_ldap-2.4.43-25.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"mod_md-2.4.43-25.oe2003sp4.x86_64.rpm",
+									"name":"mod_md-2.4.43-25.oe2003sp4.x86_64.rpm"
+								},
+								"name":"mod_md-2.4.43-25.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"mod_proxy_html-2.4.43-25.oe2003sp4.x86_64.rpm",
+									"name":"mod_proxy_html-2.4.43-25.oe2003sp4.x86_64.rpm"
+								},
+								"name":"mod_proxy_html-2.4.43-25.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"mod_session-2.4.43-25.oe2003sp4.x86_64.rpm",
+									"name":"mod_session-2.4.43-25.oe2003sp4.x86_64.rpm"
+								},
+								"name":"mod_session-2.4.43-25.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"mod_ssl-2.4.43-25.oe2003sp4.x86_64.rpm",
+									"name":"mod_ssl-2.4.43-25.oe2003sp4.x86_64.rpm"
+								},
+								"name":"mod_ssl-2.4.43-25.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-filesystem-2.4.43-25.oe2003sp4.noarch.rpm",
+									"name":"httpd-filesystem-2.4.43-25.oe2003sp4.noarch.rpm"
+								},
+								"name":"httpd-filesystem-2.4.43-25.oe2003sp4.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-help-2.4.43-25.oe2003sp4.noarch.rpm",
+									"name":"httpd-help-2.4.43-25.oe2003sp4.noarch.rpm"
+								},
+								"name":"httpd-help-2.4.43-25.oe2003sp4.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-2.4.43-25.oe2003sp4.aarch64.rpm",
+									"name":"httpd-2.4.43-25.oe2003sp4.aarch64.rpm"
+								},
+								"name":"httpd-2.4.43-25.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64.rpm",
+									"name":"httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64.rpm"
+								},
+								"name":"httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-debugsource-2.4.43-25.oe2003sp4.aarch64.rpm",
+									"name":"httpd-debugsource-2.4.43-25.oe2003sp4.aarch64.rpm"
+								},
+								"name":"httpd-debugsource-2.4.43-25.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-devel-2.4.43-25.oe2003sp4.aarch64.rpm",
+									"name":"httpd-devel-2.4.43-25.oe2003sp4.aarch64.rpm"
+								},
+								"name":"httpd-devel-2.4.43-25.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-tools-2.4.43-25.oe2003sp4.aarch64.rpm",
+									"name":"httpd-tools-2.4.43-25.oe2003sp4.aarch64.rpm"
+								},
+								"name":"httpd-tools-2.4.43-25.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"mod_ldap-2.4.43-25.oe2003sp4.aarch64.rpm",
+									"name":"mod_ldap-2.4.43-25.oe2003sp4.aarch64.rpm"
+								},
+								"name":"mod_ldap-2.4.43-25.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"mod_md-2.4.43-25.oe2003sp4.aarch64.rpm",
+									"name":"mod_md-2.4.43-25.oe2003sp4.aarch64.rpm"
+								},
+								"name":"mod_md-2.4.43-25.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"mod_proxy_html-2.4.43-25.oe2003sp4.aarch64.rpm",
+									"name":"mod_proxy_html-2.4.43-25.oe2003sp4.aarch64.rpm"
+								},
+								"name":"mod_proxy_html-2.4.43-25.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"mod_session-2.4.43-25.oe2003sp4.aarch64.rpm",
+									"name":"mod_session-2.4.43-25.oe2003sp4.aarch64.rpm"
+								},
+								"name":"mod_session-2.4.43-25.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"mod_ssl-2.4.43-25.oe2003sp4.aarch64.rpm",
+									"name":"mod_ssl-2.4.43-25.oe2003sp4.aarch64.rpm"
+								},
+								"name":"mod_ssl-2.4.43-25.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"httpd-2.4.43-25.oe2003sp4.src.rpm",
+									"name":"httpd-2.4.43-25.oe2003sp4.src.rpm"
+								},
+								"name":"httpd-2.4.43-25.oe2003sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-2.4.43-25.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
+					"name":"httpd-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
+					"name":"httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-debugsource-2.4.43-25.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
+					"name":"httpd-debugsource-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-devel-2.4.43-25.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
+					"name":"httpd-devel-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-tools-2.4.43-25.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
+					"name":"httpd-tools-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"mod_ldap-2.4.43-25.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
+					"name":"mod_ldap-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"mod_md-2.4.43-25.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
+					"name":"mod_md-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"mod_proxy_html-2.4.43-25.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
+					"name":"mod_proxy_html-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"mod_session-2.4.43-25.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
+					"name":"mod_session-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"mod_ssl-2.4.43-25.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
+					"name":"mod_ssl-2.4.43-25.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-filesystem-2.4.43-25.oe2003sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
+					"name":"httpd-filesystem-2.4.43-25.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-help-2.4.43-25.oe2003sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
+					"name":"httpd-help-2.4.43-25.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-2.4.43-25.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
+					"name":"httpd-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
+					"name":"httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-debugsource-2.4.43-25.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
+					"name":"httpd-debugsource-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-devel-2.4.43-25.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
+					"name":"httpd-devel-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-tools-2.4.43-25.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
+					"name":"httpd-tools-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"mod_ldap-2.4.43-25.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
+					"name":"mod_ldap-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"mod_md-2.4.43-25.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
+					"name":"mod_md-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"mod_proxy_html-2.4.43-25.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
+					"name":"mod_proxy_html-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"mod_session-2.4.43-25.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
+					"name":"mod_session-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"mod_ssl-2.4.43-25.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
+					"name":"mod_ssl-2.4.43-25.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"httpd-2.4.43-25.oe2003sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src",
+					"name":"httpd-2.4.43-25.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-38474",
+			"notes":[
+				{
+					"text":"Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src"
+					],
+					"details":"httpd security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1853"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.2,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-38474"
+		},
+		{
+			"cve":"CVE-2024-38477",
+			"notes":[
+				{
+					"text":"null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src"
+					],
+					"details":"httpd security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1853"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.5,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:httpd-filesystem-2.4.43-25.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:httpd-help-2.4.43-25.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-debuginfo-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-debugsource-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-devel-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-tools-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_ldap-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_md-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_proxy_html-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_session-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:mod_ssl-2.4.43-25.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:httpd-2.4.43-25.oe2003sp4.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-38477"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1854.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1854.json
@ -0,0 +1,972 @@
+{
+	"document": {
+	  "aggregate_severity": {
+		"namespace": "https://nvd.nist.gov/vuln-metrics/cvss",
+		"text": "High"
+	  },
+	  "category": "csaf_vex",
+	  "csaf_version": "2.0",
+	  "distribution": {
+		"tlp": {
+		  "label": "WHITE",
+		  "url": "https:/www.first.org/tlp/"
+		}
+	  },
+	  "lang": "en",
+	  "notes": [
+		{
+		  "text": "httpd security update",
+		  "category": "general",
+		  "title": "Synopsis"
+		},
+		{
+		  "text": "An update for httpd is now available for openEuler-24.03-LTS",
+		  "category": "general",
+		  "title": "Summary"
+		},
+		{
+		  "text": "Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\n\nSecurity Fix(es):\n\nServing WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.(CVE-2024-36387)\n\nSubstitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.(CVE-2024-38474)\n\nnull pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38477)",
+		  "category": "general",
+		  "title": "Description"
+		},
+		{
+		  "text": "An update for httpd is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+		  "category": "general",
+		  "title": "Topic"
+		},
+		{
+		  "text": "High",
+		  "category": "general",
+		  "title": "Severity"
+		},
+		{
+		  "text": "httpd",
+		  "category": "general",
+		  "title": "Affected Component"
+		}
+	  ],
+	  "publisher": {
+		"issuing_authority": "openEuler security committee",
+		"name": "openEuler",
+		"namespace": "https://www.openeuler.org",
+		"contact_details": "openeuler-security@openeuler.org",
+		"category": "vendor"
+	  },
+	  "references": [
+		{
+		  "summary": "openEuler-SA-2024-1854",
+		  "category": "self",
+		  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1854"
+		},
+		{
+		  "summary": "CVE-2024-36387",
+		  "category": "self",
+		  "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36387&packageName=httpd"
+		},
+		{
+		  "summary": "CVE-2024-38474",
+		  "category": "self",
+		  "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38474&packageName=httpd"
+		},
+		{
+		  "summary": "CVE-2024-38477",
+		  "category": "self",
+		  "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38477&packageName=httpd"
+		},
+		{
+		  "summary": "nvd cve",
+		  "category": "external",
+		  "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36387"
+		},
+		{
+		  "summary": "nvd cve",
+		  "category": "external",
+		  "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38474"
+		},
+		{
+		  "summary": "nvd cve",
+		  "category": "external",
+		  "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38477"
+		},
+		{
+		  "summary": "openEuler-SA-2024-1854 vex file",
+		  "category": "self",
+		  "url": "https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1854.json"
+		}
+	  ],
+	  "title": "An update for httpd is now available for openEuler-24.03-LTS",
+	  "tracking": {
+		"initial_release_date": "2024-07-19T21:23:52+08:00",
+		"revision_history": [
+		  {
+			"date": "2024-07-19T21:23:52+08:00",
+			"summary": "Initial",
+			"number": "1.0.0"
+		  },
+		  {
+			"date": "2024-07-22T14:33:00+08:00",
+			"summary": "final",
+			"number": "2.0.0"
+		  }
+		],
+		"generator": {
+		  "date": "2024-07-22T14:33:00+08:00",
+		  "engine": {
+			"name": "openEuler CSAF Tool V1.0"
+		  }
+		},
+		"current_release_date": "2024-07-22T14:33:00+08:00",
+		"id": "openEuler-SA-2024-1854",
+		"version": "2.0.0",
+		"status": "final"
+	  }
+	},
+	"product_tree": {
+	  "branches": [
+		{
+		  "name": "openEuler",
+		  "category": "vendor",
+		  "branches": [
+			{
+			  "name": "openEuler",
+			  "branches": [
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "openEuler-24.03-LTS",
+					"name": "openEuler-24.03-LTS"
+				  },
+				  "name": "openEuler-24.03-LTS",
+				  "category": "product_version"
+				}
+			  ],
+			  "category": "product_name"
+			},
+			{
+			  "name": "aarch64",
+			  "branches": [
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-2.4.58-6.oe2403.aarch64.rpm",
+					"name": "httpd-2.4.58-6.oe2403.aarch64.rpm"
+				  },
+				  "name": "httpd-2.4.58-6.oe2403.aarch64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm",
+					"name": "httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm"
+				  },
+				  "name": "httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm",
+					"name": "httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm"
+				  },
+				  "name": "httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-devel-2.4.58-6.oe2403.aarch64.rpm",
+					"name": "httpd-devel-2.4.58-6.oe2403.aarch64.rpm"
+				  },
+				  "name": "httpd-devel-2.4.58-6.oe2403.aarch64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-tools-2.4.58-6.oe2403.aarch64.rpm",
+					"name": "httpd-tools-2.4.58-6.oe2403.aarch64.rpm"
+				  },
+				  "name": "httpd-tools-2.4.58-6.oe2403.aarch64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "mod_ldap-2.4.58-6.oe2403.aarch64.rpm",
+					"name": "mod_ldap-2.4.58-6.oe2403.aarch64.rpm"
+				  },
+				  "name": "mod_ldap-2.4.58-6.oe2403.aarch64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "mod_md-2.4.58-6.oe2403.aarch64.rpm",
+					"name": "mod_md-2.4.58-6.oe2403.aarch64.rpm"
+				  },
+				  "name": "mod_md-2.4.58-6.oe2403.aarch64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm",
+					"name": "mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm"
+				  },
+				  "name": "mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "mod_session-2.4.58-6.oe2403.aarch64.rpm",
+					"name": "mod_session-2.4.58-6.oe2403.aarch64.rpm"
+				  },
+				  "name": "mod_session-2.4.58-6.oe2403.aarch64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "mod_ssl-2.4.58-6.oe2403.aarch64.rpm",
+					"name": "mod_ssl-2.4.58-6.oe2403.aarch64.rpm"
+				  },
+				  "name": "mod_ssl-2.4.58-6.oe2403.aarch64.rpm",
+				  "category": "product_version"
+				}
+			  ],
+			  "category": "product_name"
+			},
+			{
+			  "name": "src",
+			  "branches": [
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-2.4.58-6.oe2403.src.rpm",
+					"name": "httpd-2.4.58-6.oe2403.src.rpm"
+				  },
+				  "name": "httpd-2.4.58-6.oe2403.src.rpm",
+				  "category": "product_version"
+				}
+			  ],
+			  "category": "product_name"
+			},
+			{
+			  "name": "x86_64",
+			  "branches": [
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-2.4.58-6.oe2403.x86_64.rpm",
+					"name": "httpd-2.4.58-6.oe2403.x86_64.rpm"
+				  },
+				  "name": "httpd-2.4.58-6.oe2403.x86_64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm",
+					"name": "httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm"
+				  },
+				  "name": "httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm",
+					"name": "httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm"
+				  },
+				  "name": "httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-devel-2.4.58-6.oe2403.x86_64.rpm",
+					"name": "httpd-devel-2.4.58-6.oe2403.x86_64.rpm"
+				  },
+				  "name": "httpd-devel-2.4.58-6.oe2403.x86_64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-tools-2.4.58-6.oe2403.x86_64.rpm",
+					"name": "httpd-tools-2.4.58-6.oe2403.x86_64.rpm"
+				  },
+				  "name": "httpd-tools-2.4.58-6.oe2403.x86_64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "mod_ldap-2.4.58-6.oe2403.x86_64.rpm",
+					"name": "mod_ldap-2.4.58-6.oe2403.x86_64.rpm"
+				  },
+				  "name": "mod_ldap-2.4.58-6.oe2403.x86_64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "mod_md-2.4.58-6.oe2403.x86_64.rpm",
+					"name": "mod_md-2.4.58-6.oe2403.x86_64.rpm"
+				  },
+				  "name": "mod_md-2.4.58-6.oe2403.x86_64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm",
+					"name": "mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm"
+				  },
+				  "name": "mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "mod_session-2.4.58-6.oe2403.x86_64.rpm",
+					"name": "mod_session-2.4.58-6.oe2403.x86_64.rpm"
+				  },
+				  "name": "mod_session-2.4.58-6.oe2403.x86_64.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "mod_ssl-2.4.58-6.oe2403.x86_64.rpm",
+					"name": "mod_ssl-2.4.58-6.oe2403.x86_64.rpm"
+				  },
+				  "name": "mod_ssl-2.4.58-6.oe2403.x86_64.rpm",
+				  "category": "product_version"
+				}
+			  ],
+			  "category": "product_name"
+			},
+			{
+			  "name": "noarch",
+			  "branches": [
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-filesystem-2.4.58-6.oe2403.noarch.rpm",
+					"name": "httpd-filesystem-2.4.58-6.oe2403.noarch.rpm"
+				  },
+				  "name": "httpd-filesystem-2.4.58-6.oe2403.noarch.rpm",
+				  "category": "product_version"
+				},
+				{
+				  "product": {
+					"product_identification_helper": {
+					  "cpe": "cpe:/a:openEuler:openEuler:24.03-LTS"
+					},
+					"product_id": "httpd-help-2.4.58-6.oe2403.noarch.rpm",
+					"name": "httpd-help-2.4.58-6.oe2403.noarch.rpm"
+				  },
+				  "name": "httpd-help-2.4.58-6.oe2403.noarch.rpm",
+				  "category": "product_version"
+				}
+			  ],
+			  "category": "product_name"
+			}
+		  ]
+		}
+	  ],
+	  "relationships": [
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-2.4.58-6.oe2403.aarch64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
+			"name": "httpd-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-debuginfo-2.4.58-6.oe2403.aarch64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
+			"name": "httpd-debuginfo-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-debugsource-2.4.58-6.oe2403.aarch64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
+			"name": "httpd-debugsource-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-devel-2.4.58-6.oe2403.aarch64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
+			"name": "httpd-devel-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-tools-2.4.58-6.oe2403.aarch64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
+			"name": "httpd-tools-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "mod_ldap-2.4.58-6.oe2403.aarch64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
+			"name": "mod_ldap-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "mod_md-2.4.58-6.oe2403.aarch64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
+			"name": "mod_md-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "mod_proxy_html-2.4.58-6.oe2403.aarch64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
+			"name": "mod_proxy_html-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "mod_session-2.4.58-6.oe2403.aarch64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
+			"name": "mod_session-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "mod_ssl-2.4.58-6.oe2403.aarch64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
+			"name": "mod_ssl-2.4.58-6.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-2.4.58-6.oe2403.src.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
+			"name": "httpd-2.4.58-6.oe2403.src as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-2.4.58-6.oe2403.x86_64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
+			"name": "httpd-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-debuginfo-2.4.58-6.oe2403.x86_64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
+			"name": "httpd-debuginfo-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-debugsource-2.4.58-6.oe2403.x86_64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
+			"name": "httpd-debugsource-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-devel-2.4.58-6.oe2403.x86_64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
+			"name": "httpd-devel-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-tools-2.4.58-6.oe2403.x86_64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
+			"name": "httpd-tools-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "mod_ldap-2.4.58-6.oe2403.x86_64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
+			"name": "mod_ldap-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "mod_md-2.4.58-6.oe2403.x86_64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
+			"name": "mod_md-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "mod_proxy_html-2.4.58-6.oe2403.x86_64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
+			"name": "mod_proxy_html-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "mod_session-2.4.58-6.oe2403.x86_64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
+			"name": "mod_session-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "mod_ssl-2.4.58-6.oe2403.x86_64.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
+			"name": "mod_ssl-2.4.58-6.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-filesystem-2.4.58-6.oe2403.noarch.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
+			"name": "httpd-filesystem-2.4.58-6.oe2403.noarch as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		},
+		{
+		  "relates_to_product_reference": "openEuler-24.03-LTS",
+		  "product_reference": "httpd-help-2.4.58-6.oe2403.noarch.rpm",
+		  "full_product_name": {
+			"product_id": "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch",
+			"name": "httpd-help-2.4.58-6.oe2403.noarch as a component of openEuler-24.03-LTS"
+		  },
+		  "category": "default_component_of"
+		}
+	  ]
+	},
+	"vulnerabilities": [
+	  {
+		"cve": "CVE-2024-36387",
+		"notes": [
+		  {
+			"text": "Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.",
+			"category": "description",
+			"title": "Vulnerability Description"
+		  }
+		],
+		"product_status": {
+		  "fixed": [
+			"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
+			"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
+			"openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
+		  ]
+		},
+		"remediations": [
+		  {
+			"product_ids": [
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
+			  "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
+			],
+			"details": "httpd security update",
+			"category": "vendor_fix",
+			"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1854"
+		  }
+		],
+		"scores": [
+		  {
+			"cvss_v3": {
+			  "baseSeverity": "MEDIUM",
+			  "baseScore": 5.9,
+			  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+			  "version": "3.1"
+			},
+			"products": [
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
+			  "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
+			]
+		  }
+		],
+		"threats": [
+		  {
+			"details": "Medium",
+			"category": "impact"
+		  }
+		],
+		"title": "CVE-2024-36387"
+	  },
+	  {
+		"cve": "CVE-2024-38474",
+		"notes": [
+		  {
+			"text": "Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.",
+			"category": "description",
+			"title": "Vulnerability Description"
+		  }
+		],
+		"product_status": {
+		  "fixed": [
+			"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
+			"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
+			"openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
+		  ]
+		},
+		"remediations": [
+		  {
+			"product_ids": [
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
+			  "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
+			],
+			"details": "httpd security update",
+			"category": "vendor_fix",
+			"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1854"
+		  }
+		],
+		"scores": [
+		  {
+			"cvss_v3": {
+			  "baseSeverity": "HIGH",
+			  "baseScore": 8.2,
+			  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+			  "version": "3.1"
+			},
+			"products": [
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
+			  "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
+			]
+		  }
+		],
+		"threats": [
+		  {
+			"details": "High",
+			"category": "impact"
+		  }
+		],
+		"title": "CVE-2024-38474"
+	  },
+	  {
+		"cve": "CVE-2024-38477",
+		"notes": [
+		  {
+			"text": "null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
+			"category": "description",
+			"title": "Vulnerability Description"
+		  }
+		],
+		"product_status": {
+		  "fixed": [
+			"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
+			"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
+			"openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
+			"openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
+			"openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
+		  ]
+		},
+		"remediations": [
+		  {
+			"product_ids": [
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
+			  "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
+			],
+			"details": "httpd security update",
+			"category": "vendor_fix",
+			"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1854"
+		  }
+		],
+		"scores": [
+		  {
+			"cvss_v3": {
+			  "baseSeverity": "HIGH",
+			  "baseScore": 7.5,
+			  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+			  "version": "3.1"
+			},
+			"products": [
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.aarch64",
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.src",
+			  "openEuler-24.03-LTS:httpd-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-debuginfo-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-debugsource-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-devel-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-tools-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_ldap-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_md-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_proxy_html-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_session-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:mod_ssl-2.4.58-6.oe2403.x86_64",
+			  "openEuler-24.03-LTS:httpd-filesystem-2.4.58-6.oe2403.noarch",
+			  "openEuler-24.03-LTS:httpd-help-2.4.58-6.oe2403.noarch"
+			]
+		  }
+		],
+		"threats": [
+		  {
+			"details": "High",
+			"category": "impact"
+		  }
+		],
+		"title": "CVE-2024-38477"
+	  }
+	]
+  }
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1855.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1855.json
@ -0,0 +1,846 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"httpd security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for httpd is now available for openEuler-22.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\n\nSecurity Fix(es):\n\nSubstitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.(CVE-2024-38474)\n\nnull pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38477)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for httpd is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"httpd",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1855",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1855"
+			},
+			{
+				"summary":"CVE-2024-38474",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38474&packageName=httpd"
+			},
+			{
+				"summary":"CVE-2024-38477",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38477&packageName=httpd"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38474"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38477"
+			},
+			{
+				"summary":"openEuler-SA-2024-1855 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1855.json"
+			}
+		],
+		"title":"An update for httpd is now available for openEuler-22.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:23:54+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:23:54+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:23:54+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:23:54+08:00",
+			"id":"openEuler-SA-2024-1855",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openEuler-22.03-LTS-SP4",
+									"name":"openEuler-22.03-LTS-SP4"
+								},
+								"name":"openEuler-22.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-2.4.51-22.oe2203sp4.aarch64.rpm",
+									"name":"httpd-2.4.51-22.oe2203sp4.aarch64.rpm"
+								},
+								"name":"httpd-2.4.51-22.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64.rpm",
+									"name":"httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64.rpm"
+								},
+								"name":"httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-debugsource-2.4.51-22.oe2203sp4.aarch64.rpm",
+									"name":"httpd-debugsource-2.4.51-22.oe2203sp4.aarch64.rpm"
+								},
+								"name":"httpd-debugsource-2.4.51-22.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-devel-2.4.51-22.oe2203sp4.aarch64.rpm",
+									"name":"httpd-devel-2.4.51-22.oe2203sp4.aarch64.rpm"
+								},
+								"name":"httpd-devel-2.4.51-22.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-tools-2.4.51-22.oe2203sp4.aarch64.rpm",
+									"name":"httpd-tools-2.4.51-22.oe2203sp4.aarch64.rpm"
+								},
+								"name":"httpd-tools-2.4.51-22.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"mod_ldap-2.4.51-22.oe2203sp4.aarch64.rpm",
+									"name":"mod_ldap-2.4.51-22.oe2203sp4.aarch64.rpm"
+								},
+								"name":"mod_ldap-2.4.51-22.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"mod_md-2.4.51-22.oe2203sp4.aarch64.rpm",
+									"name":"mod_md-2.4.51-22.oe2203sp4.aarch64.rpm"
+								},
+								"name":"mod_md-2.4.51-22.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"mod_proxy_html-2.4.51-22.oe2203sp4.aarch64.rpm",
+									"name":"mod_proxy_html-2.4.51-22.oe2203sp4.aarch64.rpm"
+								},
+								"name":"mod_proxy_html-2.4.51-22.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"mod_session-2.4.51-22.oe2203sp4.aarch64.rpm",
+									"name":"mod_session-2.4.51-22.oe2203sp4.aarch64.rpm"
+								},
+								"name":"mod_session-2.4.51-22.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"mod_ssl-2.4.51-22.oe2203sp4.aarch64.rpm",
+									"name":"mod_ssl-2.4.51-22.oe2203sp4.aarch64.rpm"
+								},
+								"name":"mod_ssl-2.4.51-22.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-2.4.51-22.oe2203sp4.src.rpm",
+									"name":"httpd-2.4.51-22.oe2203sp4.src.rpm"
+								},
+								"name":"httpd-2.4.51-22.oe2203sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-2.4.51-22.oe2203sp4.x86_64.rpm",
+									"name":"httpd-2.4.51-22.oe2203sp4.x86_64.rpm"
+								},
+								"name":"httpd-2.4.51-22.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64.rpm",
+									"name":"httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64.rpm"
+								},
+								"name":"httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-debugsource-2.4.51-22.oe2203sp4.x86_64.rpm",
+									"name":"httpd-debugsource-2.4.51-22.oe2203sp4.x86_64.rpm"
+								},
+								"name":"httpd-debugsource-2.4.51-22.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-devel-2.4.51-22.oe2203sp4.x86_64.rpm",
+									"name":"httpd-devel-2.4.51-22.oe2203sp4.x86_64.rpm"
+								},
+								"name":"httpd-devel-2.4.51-22.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-tools-2.4.51-22.oe2203sp4.x86_64.rpm",
+									"name":"httpd-tools-2.4.51-22.oe2203sp4.x86_64.rpm"
+								},
+								"name":"httpd-tools-2.4.51-22.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"mod_ldap-2.4.51-22.oe2203sp4.x86_64.rpm",
+									"name":"mod_ldap-2.4.51-22.oe2203sp4.x86_64.rpm"
+								},
+								"name":"mod_ldap-2.4.51-22.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"mod_md-2.4.51-22.oe2203sp4.x86_64.rpm",
+									"name":"mod_md-2.4.51-22.oe2203sp4.x86_64.rpm"
+								},
+								"name":"mod_md-2.4.51-22.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"mod_proxy_html-2.4.51-22.oe2203sp4.x86_64.rpm",
+									"name":"mod_proxy_html-2.4.51-22.oe2203sp4.x86_64.rpm"
+								},
+								"name":"mod_proxy_html-2.4.51-22.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"mod_session-2.4.51-22.oe2203sp4.x86_64.rpm",
+									"name":"mod_session-2.4.51-22.oe2203sp4.x86_64.rpm"
+								},
+								"name":"mod_session-2.4.51-22.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"mod_ssl-2.4.51-22.oe2203sp4.x86_64.rpm",
+									"name":"mod_ssl-2.4.51-22.oe2203sp4.x86_64.rpm"
+								},
+								"name":"mod_ssl-2.4.51-22.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-filesystem-2.4.51-22.oe2203sp4.noarch.rpm",
+									"name":"httpd-filesystem-2.4.51-22.oe2203sp4.noarch.rpm"
+								},
+								"name":"httpd-filesystem-2.4.51-22.oe2203sp4.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"httpd-help-2.4.51-22.oe2203sp4.noarch.rpm",
+									"name":"httpd-help-2.4.51-22.oe2203sp4.noarch.rpm"
+								},
+								"name":"httpd-help-2.4.51-22.oe2203sp4.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-2.4.51-22.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.aarch64",
+					"name":"httpd-2.4.51-22.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64",
+					"name":"httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-debugsource-2.4.51-22.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.aarch64",
+					"name":"httpd-debugsource-2.4.51-22.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-devel-2.4.51-22.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.aarch64",
+					"name":"httpd-devel-2.4.51-22.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-tools-2.4.51-22.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.aarch64",
+					"name":"httpd-tools-2.4.51-22.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"mod_ldap-2.4.51-22.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.aarch64",
+					"name":"mod_ldap-2.4.51-22.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"mod_md-2.4.51-22.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.aarch64",
+					"name":"mod_md-2.4.51-22.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"mod_proxy_html-2.4.51-22.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.aarch64",
+					"name":"mod_proxy_html-2.4.51-22.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"mod_session-2.4.51-22.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.aarch64",
+					"name":"mod_session-2.4.51-22.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"mod_ssl-2.4.51-22.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.aarch64",
+					"name":"mod_ssl-2.4.51-22.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-2.4.51-22.oe2203sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.src",
+					"name":"httpd-2.4.51-22.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-2.4.51-22.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.x86_64",
+					"name":"httpd-2.4.51-22.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64",
+					"name":"httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-debugsource-2.4.51-22.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.x86_64",
+					"name":"httpd-debugsource-2.4.51-22.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-devel-2.4.51-22.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.x86_64",
+					"name":"httpd-devel-2.4.51-22.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-tools-2.4.51-22.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.x86_64",
+					"name":"httpd-tools-2.4.51-22.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"mod_ldap-2.4.51-22.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.x86_64",
+					"name":"mod_ldap-2.4.51-22.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"mod_md-2.4.51-22.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.x86_64",
+					"name":"mod_md-2.4.51-22.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"mod_proxy_html-2.4.51-22.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.x86_64",
+					"name":"mod_proxy_html-2.4.51-22.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"mod_session-2.4.51-22.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.x86_64",
+					"name":"mod_session-2.4.51-22.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"mod_ssl-2.4.51-22.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.x86_64",
+					"name":"mod_ssl-2.4.51-22.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-filesystem-2.4.51-22.oe2203sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-filesystem-2.4.51-22.oe2203sp4.noarch",
+					"name":"httpd-filesystem-2.4.51-22.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"httpd-help-2.4.51-22.oe2203sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:httpd-help-2.4.51-22.oe2203sp4.noarch",
+					"name":"httpd-help-2.4.51-22.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-38474",
+			"notes":[
+				{
+					"text":"Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:httpd-filesystem-2.4.51-22.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP4:httpd-help-2.4.51-22.oe2203sp4.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-filesystem-2.4.51-22.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:httpd-help-2.4.51-22.oe2203sp4.noarch"
+					],
+					"details":"httpd security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1855"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.2,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-filesystem-2.4.51-22.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:httpd-help-2.4.51-22.oe2203sp4.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-38474"
+		},
+		{
+			"cve":"CVE-2024-38477",
+			"notes":[
+				{
+					"text":"null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:httpd-filesystem-2.4.51-22.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP4:httpd-help-2.4.51-22.oe2203sp4.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-filesystem-2.4.51-22.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:httpd-help-2.4.51-22.oe2203sp4.noarch"
+					],
+					"details":"httpd security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1855"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.5,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:httpd-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-debuginfo-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-debugsource-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-devel-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-tools-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_ldap-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_md-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_proxy_html-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_session-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:mod_ssl-2.4.51-22.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:httpd-filesystem-2.4.51-22.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:httpd-help-2.4.51-22.oe2203sp4.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-38477"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1856.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1856.json
@ -0,0 +1,846 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"httpd security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for httpd is now available for openEuler-22.03-LTS-SP1",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.\n\nSecurity Fix(es):\n\nSubstitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.(CVE-2024-38474)\n\nnull pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.(CVE-2024-38477)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for httpd is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"httpd",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1856",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1856"
+			},
+			{
+				"summary":"CVE-2024-38474",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38474&packageName=httpd"
+			},
+			{
+				"summary":"CVE-2024-38477",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38477&packageName=httpd"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38474"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38477"
+			},
+			{
+				"summary":"openEuler-SA-2024-1856 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1856.json"
+			}
+		],
+		"title":"An update for httpd is now available for openEuler-22.03-LTS-SP1",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:23:55+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:23:55+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:23:55+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:23:55+08:00",
+			"id":"openEuler-SA-2024-1856",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openEuler-22.03-LTS-SP1",
+									"name":"openEuler-22.03-LTS-SP1"
+								},
+								"name":"openEuler-22.03-LTS-SP1",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-2.4.51-22.oe2203sp1.aarch64.rpm",
+									"name":"httpd-2.4.51-22.oe2203sp1.aarch64.rpm"
+								},
+								"name":"httpd-2.4.51-22.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64.rpm",
+									"name":"httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64.rpm"
+								},
+								"name":"httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-debugsource-2.4.51-22.oe2203sp1.aarch64.rpm",
+									"name":"httpd-debugsource-2.4.51-22.oe2203sp1.aarch64.rpm"
+								},
+								"name":"httpd-debugsource-2.4.51-22.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-devel-2.4.51-22.oe2203sp1.aarch64.rpm",
+									"name":"httpd-devel-2.4.51-22.oe2203sp1.aarch64.rpm"
+								},
+								"name":"httpd-devel-2.4.51-22.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-tools-2.4.51-22.oe2203sp1.aarch64.rpm",
+									"name":"httpd-tools-2.4.51-22.oe2203sp1.aarch64.rpm"
+								},
+								"name":"httpd-tools-2.4.51-22.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"mod_ldap-2.4.51-22.oe2203sp1.aarch64.rpm",
+									"name":"mod_ldap-2.4.51-22.oe2203sp1.aarch64.rpm"
+								},
+								"name":"mod_ldap-2.4.51-22.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"mod_md-2.4.51-22.oe2203sp1.aarch64.rpm",
+									"name":"mod_md-2.4.51-22.oe2203sp1.aarch64.rpm"
+								},
+								"name":"mod_md-2.4.51-22.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"mod_proxy_html-2.4.51-22.oe2203sp1.aarch64.rpm",
+									"name":"mod_proxy_html-2.4.51-22.oe2203sp1.aarch64.rpm"
+								},
+								"name":"mod_proxy_html-2.4.51-22.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"mod_session-2.4.51-22.oe2203sp1.aarch64.rpm",
+									"name":"mod_session-2.4.51-22.oe2203sp1.aarch64.rpm"
+								},
+								"name":"mod_session-2.4.51-22.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"mod_ssl-2.4.51-22.oe2203sp1.aarch64.rpm",
+									"name":"mod_ssl-2.4.51-22.oe2203sp1.aarch64.rpm"
+								},
+								"name":"mod_ssl-2.4.51-22.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-2.4.51-22.oe2203sp1.src.rpm",
+									"name":"httpd-2.4.51-22.oe2203sp1.src.rpm"
+								},
+								"name":"httpd-2.4.51-22.oe2203sp1.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-2.4.51-22.oe2203sp1.x86_64.rpm",
+									"name":"httpd-2.4.51-22.oe2203sp1.x86_64.rpm"
+								},
+								"name":"httpd-2.4.51-22.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64.rpm",
+									"name":"httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64.rpm"
+								},
+								"name":"httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-debugsource-2.4.51-22.oe2203sp1.x86_64.rpm",
+									"name":"httpd-debugsource-2.4.51-22.oe2203sp1.x86_64.rpm"
+								},
+								"name":"httpd-debugsource-2.4.51-22.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-devel-2.4.51-22.oe2203sp1.x86_64.rpm",
+									"name":"httpd-devel-2.4.51-22.oe2203sp1.x86_64.rpm"
+								},
+								"name":"httpd-devel-2.4.51-22.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-tools-2.4.51-22.oe2203sp1.x86_64.rpm",
+									"name":"httpd-tools-2.4.51-22.oe2203sp1.x86_64.rpm"
+								},
+								"name":"httpd-tools-2.4.51-22.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"mod_ldap-2.4.51-22.oe2203sp1.x86_64.rpm",
+									"name":"mod_ldap-2.4.51-22.oe2203sp1.x86_64.rpm"
+								},
+								"name":"mod_ldap-2.4.51-22.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"mod_md-2.4.51-22.oe2203sp1.x86_64.rpm",
+									"name":"mod_md-2.4.51-22.oe2203sp1.x86_64.rpm"
+								},
+								"name":"mod_md-2.4.51-22.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"mod_proxy_html-2.4.51-22.oe2203sp1.x86_64.rpm",
+									"name":"mod_proxy_html-2.4.51-22.oe2203sp1.x86_64.rpm"
+								},
+								"name":"mod_proxy_html-2.4.51-22.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"mod_session-2.4.51-22.oe2203sp1.x86_64.rpm",
+									"name":"mod_session-2.4.51-22.oe2203sp1.x86_64.rpm"
+								},
+								"name":"mod_session-2.4.51-22.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"mod_ssl-2.4.51-22.oe2203sp1.x86_64.rpm",
+									"name":"mod_ssl-2.4.51-22.oe2203sp1.x86_64.rpm"
+								},
+								"name":"mod_ssl-2.4.51-22.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-filesystem-2.4.51-22.oe2203sp1.noarch.rpm",
+									"name":"httpd-filesystem-2.4.51-22.oe2203sp1.noarch.rpm"
+								},
+								"name":"httpd-filesystem-2.4.51-22.oe2203sp1.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"httpd-help-2.4.51-22.oe2203sp1.noarch.rpm",
+									"name":"httpd-help-2.4.51-22.oe2203sp1.noarch.rpm"
+								},
+								"name":"httpd-help-2.4.51-22.oe2203sp1.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-2.4.51-22.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.aarch64",
+					"name":"httpd-2.4.51-22.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64",
+					"name":"httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-debugsource-2.4.51-22.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.aarch64",
+					"name":"httpd-debugsource-2.4.51-22.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-devel-2.4.51-22.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.aarch64",
+					"name":"httpd-devel-2.4.51-22.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-tools-2.4.51-22.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.aarch64",
+					"name":"httpd-tools-2.4.51-22.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"mod_ldap-2.4.51-22.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.aarch64",
+					"name":"mod_ldap-2.4.51-22.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"mod_md-2.4.51-22.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.aarch64",
+					"name":"mod_md-2.4.51-22.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"mod_proxy_html-2.4.51-22.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.aarch64",
+					"name":"mod_proxy_html-2.4.51-22.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"mod_session-2.4.51-22.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.aarch64",
+					"name":"mod_session-2.4.51-22.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"mod_ssl-2.4.51-22.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.aarch64",
+					"name":"mod_ssl-2.4.51-22.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-2.4.51-22.oe2203sp1.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.src",
+					"name":"httpd-2.4.51-22.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-2.4.51-22.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.x86_64",
+					"name":"httpd-2.4.51-22.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64",
+					"name":"httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-debugsource-2.4.51-22.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.x86_64",
+					"name":"httpd-debugsource-2.4.51-22.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-devel-2.4.51-22.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.x86_64",
+					"name":"httpd-devel-2.4.51-22.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-tools-2.4.51-22.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.x86_64",
+					"name":"httpd-tools-2.4.51-22.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"mod_ldap-2.4.51-22.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.x86_64",
+					"name":"mod_ldap-2.4.51-22.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"mod_md-2.4.51-22.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.x86_64",
+					"name":"mod_md-2.4.51-22.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"mod_proxy_html-2.4.51-22.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.x86_64",
+					"name":"mod_proxy_html-2.4.51-22.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"mod_session-2.4.51-22.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.x86_64",
+					"name":"mod_session-2.4.51-22.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"mod_ssl-2.4.51-22.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.x86_64",
+					"name":"mod_ssl-2.4.51-22.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-filesystem-2.4.51-22.oe2203sp1.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-filesystem-2.4.51-22.oe2203sp1.noarch",
+					"name":"httpd-filesystem-2.4.51-22.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"httpd-help-2.4.51-22.oe2203sp1.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:httpd-help-2.4.51-22.oe2203sp1.noarch",
+					"name":"httpd-help-2.4.51-22.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-38474",
+			"notes":[
+				{
+					"text":"Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in\ndirectories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.\n\nSome RewriteRules that capture and substitute unsafely will now fail unless rewrite flag \"UnsafeAllow3F\" is specified.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:httpd-filesystem-2.4.51-22.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:httpd-help-2.4.51-22.oe2203sp1.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-filesystem-2.4.51-22.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:httpd-help-2.4.51-22.oe2203sp1.noarch"
+					],
+					"details":"httpd security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1856"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.2,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-filesystem-2.4.51-22.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:httpd-help-2.4.51-22.oe2203sp1.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-38474"
+		},
+		{
+			"cve":"CVE-2024-38477",
+			"notes":[
+				{
+					"text":"null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:httpd-filesystem-2.4.51-22.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:httpd-help-2.4.51-22.oe2203sp1.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-filesystem-2.4.51-22.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:httpd-help-2.4.51-22.oe2203sp1.noarch"
+					],
+					"details":"httpd security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1856"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.5,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:httpd-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-debuginfo-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-debugsource-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-devel-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-tools-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_ldap-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_md-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_proxy_html-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_session-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:mod_ssl-2.4.51-22.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:httpd-filesystem-2.4.51-22.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:httpd-help-2.4.51-22.oe2203sp1.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-38477"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1857.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1857.json
@ -0,0 +1,573 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"rapidjson security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for rapidjson is now available for openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"RapidJSON as a fast JSON parser which generator for c++. It`s inspired by RapidXML. It`s supports both SAX & DOM style API. It`s small but complete. It`s fast, It`s preformance can be comparabel to strlen(). It`s self-contained. It doesn`t depend on external libraries such as BOOST. It`s Unicode and memory friendly, each JSON valude occupies exactly 16/20 bytes for most 32/64-bit machines. It`s suport UTF-8 UTF-16 UTF-32 (LE & BE).\n\nSecurity Fix(es):\n\nTencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.(CVE-2024-38517)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for rapidjson is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"rapidjson",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1857",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1857"
+			},
+			{
+				"summary":"CVE-2024-38517",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38517&packageName=rapidjson"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38517"
+			},
+			{
+				"summary":"openEuler-SA-2024-1857 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1857.json"
+			}
+		],
+		"title":"An update for rapidjson is now available for openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:23:56+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:23:56+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:23:56+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:23:56+08:00",
+			"id":"openEuler-SA-2024-1857",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"openEuler-24.03-LTS",
+									"name":"openEuler-24.03-LTS"
+								},
+								"name":"openEuler-24.03-LTS",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openEuler-22.03-LTS-SP4",
+									"name":"openEuler-22.03-LTS-SP4"
+								},
+								"name":"openEuler-22.03-LTS-SP4",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openEuler-22.03-LTS-SP1",
+									"name":"openEuler-22.03-LTS-SP1"
+								},
+								"name":"openEuler-22.03-LTS-SP1",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openEuler-22.03-LTS-SP3",
+									"name":"openEuler-22.03-LTS-SP3"
+								},
+								"name":"openEuler-22.03-LTS-SP3",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"openEuler-20.03-LTS-SP4",
+									"name":"openEuler-20.03-LTS-SP4"
+								},
+								"name":"openEuler-20.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"rapidjson-1.1.0-13.oe2403.src.rpm",
+									"name":"rapidjson-1.1.0-13.oe2403.src.rpm"
+								},
+								"name":"rapidjson-1.1.0-13.oe2403.src.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"rapidjson-1.1.0-12.oe2203sp4.src.rpm",
+									"name":"rapidjson-1.1.0-12.oe2203sp4.src.rpm"
+								},
+								"name":"rapidjson-1.1.0-12.oe2203sp4.src.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"rapidjson-1.1.0-11.oe2203sp1.src.rpm",
+									"name":"rapidjson-1.1.0-11.oe2203sp1.src.rpm"
+								},
+								"name":"rapidjson-1.1.0-11.oe2203sp1.src.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"rapidjson-1.1.0-12.oe2203sp3.src.rpm",
+									"name":"rapidjson-1.1.0-12.oe2203sp3.src.rpm"
+								},
+								"name":"rapidjson-1.1.0-12.oe2203sp3.src.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"rapidjson-1.1.0-12.oe2003sp4.src.rpm",
+									"name":"rapidjson-1.1.0-12.oe2003sp4.src.rpm"
+								},
+								"name":"rapidjson-1.1.0-12.oe2003sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"rapidjson-devel-1.1.0-13.oe2403.noarch.rpm",
+									"name":"rapidjson-devel-1.1.0-13.oe2403.noarch.rpm"
+								},
+								"name":"rapidjson-devel-1.1.0-13.oe2403.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"rapidjson-help-1.1.0-13.oe2403.noarch.rpm",
+									"name":"rapidjson-help-1.1.0-13.oe2403.noarch.rpm"
+								},
+								"name":"rapidjson-help-1.1.0-13.oe2403.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"rapidjson-devel-1.1.0-12.oe2203sp4.noarch.rpm",
+									"name":"rapidjson-devel-1.1.0-12.oe2203sp4.noarch.rpm"
+								},
+								"name":"rapidjson-devel-1.1.0-12.oe2203sp4.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"rapidjson-help-1.1.0-12.oe2203sp4.noarch.rpm",
+									"name":"rapidjson-help-1.1.0-12.oe2203sp4.noarch.rpm"
+								},
+								"name":"rapidjson-help-1.1.0-12.oe2203sp4.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"rapidjson-devel-1.1.0-11.oe2203sp1.noarch.rpm",
+									"name":"rapidjson-devel-1.1.0-11.oe2203sp1.noarch.rpm"
+								},
+								"name":"rapidjson-devel-1.1.0-11.oe2203sp1.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"rapidjson-help-1.1.0-11.oe2203sp1.noarch.rpm",
+									"name":"rapidjson-help-1.1.0-11.oe2203sp1.noarch.rpm"
+								},
+								"name":"rapidjson-help-1.1.0-11.oe2203sp1.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"rapidjson-devel-1.1.0-12.oe2203sp3.noarch.rpm",
+									"name":"rapidjson-devel-1.1.0-12.oe2203sp3.noarch.rpm"
+								},
+								"name":"rapidjson-devel-1.1.0-12.oe2203sp3.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"rapidjson-help-1.1.0-12.oe2203sp3.noarch.rpm",
+									"name":"rapidjson-help-1.1.0-12.oe2203sp3.noarch.rpm"
+								},
+								"name":"rapidjson-help-1.1.0-12.oe2203sp3.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"rapidjson-devel-1.1.0-12.oe2003sp4.noarch.rpm",
+									"name":"rapidjson-devel-1.1.0-12.oe2003sp4.noarch.rpm"
+								},
+								"name":"rapidjson-devel-1.1.0-12.oe2003sp4.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"rapidjson-help-1.1.0-12.oe2003sp4.noarch.rpm",
+									"name":"rapidjson-help-1.1.0-12.oe2003sp4.noarch.rpm"
+								},
+								"name":"rapidjson-help-1.1.0-12.oe2003sp4.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"rapidjson-1.1.0-13.oe2403.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:rapidjson-1.1.0-13.oe2403.src",
+					"name":"rapidjson-1.1.0-13.oe2403.src as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"rapidjson-1.1.0-12.oe2203sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:rapidjson-1.1.0-12.oe2203sp4.src",
+					"name":"rapidjson-1.1.0-12.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"rapidjson-1.1.0-11.oe2203sp1.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:rapidjson-1.1.0-11.oe2203sp1.src",
+					"name":"rapidjson-1.1.0-11.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"rapidjson-1.1.0-12.oe2203sp3.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:rapidjson-1.1.0-12.oe2203sp3.src",
+					"name":"rapidjson-1.1.0-12.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"rapidjson-1.1.0-12.oe2003sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:rapidjson-1.1.0-12.oe2003sp4.src",
+					"name":"rapidjson-1.1.0-12.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"rapidjson-devel-1.1.0-13.oe2403.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:rapidjson-devel-1.1.0-13.oe2403.noarch",
+					"name":"rapidjson-devel-1.1.0-13.oe2403.noarch as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"rapidjson-help-1.1.0-13.oe2403.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:rapidjson-help-1.1.0-13.oe2403.noarch",
+					"name":"rapidjson-help-1.1.0-13.oe2403.noarch as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"rapidjson-devel-1.1.0-12.oe2203sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:rapidjson-devel-1.1.0-12.oe2203sp4.noarch",
+					"name":"rapidjson-devel-1.1.0-12.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"rapidjson-help-1.1.0-12.oe2203sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:rapidjson-help-1.1.0-12.oe2203sp4.noarch",
+					"name":"rapidjson-help-1.1.0-12.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"rapidjson-devel-1.1.0-11.oe2203sp1.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:rapidjson-devel-1.1.0-11.oe2203sp1.noarch",
+					"name":"rapidjson-devel-1.1.0-11.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"rapidjson-help-1.1.0-11.oe2203sp1.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:rapidjson-help-1.1.0-11.oe2203sp1.noarch",
+					"name":"rapidjson-help-1.1.0-11.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"rapidjson-devel-1.1.0-12.oe2203sp3.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:rapidjson-devel-1.1.0-12.oe2203sp3.noarch",
+					"name":"rapidjson-devel-1.1.0-12.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"rapidjson-help-1.1.0-12.oe2203sp3.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:rapidjson-help-1.1.0-12.oe2203sp3.noarch",
+					"name":"rapidjson-help-1.1.0-12.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"rapidjson-devel-1.1.0-12.oe2003sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:rapidjson-devel-1.1.0-12.oe2003sp4.noarch",
+					"name":"rapidjson-devel-1.1.0-12.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"rapidjson-help-1.1.0-12.oe2003sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:rapidjson-help-1.1.0-12.oe2003sp4.noarch",
+					"name":"rapidjson-help-1.1.0-12.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-38517",
+			"notes":[
+				{
+					"text":"Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-24.03-LTS:rapidjson-1.1.0-13.oe2403.src",
+					"openEuler-22.03-LTS-SP4:rapidjson-1.1.0-12.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP1:rapidjson-1.1.0-11.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP3:rapidjson-1.1.0-12.oe2203sp3.src",
+					"openEuler-20.03-LTS-SP4:rapidjson-1.1.0-12.oe2003sp4.src",
+					"openEuler-24.03-LTS:rapidjson-devel-1.1.0-13.oe2403.noarch",
+					"openEuler-24.03-LTS:rapidjson-help-1.1.0-13.oe2403.noarch",
+					"openEuler-22.03-LTS-SP4:rapidjson-devel-1.1.0-12.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP4:rapidjson-help-1.1.0-12.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP1:rapidjson-devel-1.1.0-11.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:rapidjson-help-1.1.0-11.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP3:rapidjson-devel-1.1.0-12.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:rapidjson-help-1.1.0-12.oe2203sp3.noarch",
+					"openEuler-20.03-LTS-SP4:rapidjson-devel-1.1.0-12.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:rapidjson-help-1.1.0-12.oe2003sp4.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-24.03-LTS:rapidjson-1.1.0-13.oe2403.src",
+						"openEuler-22.03-LTS-SP4:rapidjson-1.1.0-12.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP1:rapidjson-1.1.0-11.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP3:rapidjson-1.1.0-12.oe2203sp3.src",
+						"openEuler-20.03-LTS-SP4:rapidjson-1.1.0-12.oe2003sp4.src",
+						"openEuler-24.03-LTS:rapidjson-devel-1.1.0-13.oe2403.noarch",
+						"openEuler-24.03-LTS:rapidjson-help-1.1.0-13.oe2403.noarch",
+						"openEuler-22.03-LTS-SP4:rapidjson-devel-1.1.0-12.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:rapidjson-help-1.1.0-12.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP1:rapidjson-devel-1.1.0-11.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:rapidjson-help-1.1.0-11.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP3:rapidjson-devel-1.1.0-12.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:rapidjson-help-1.1.0-12.oe2203sp3.noarch",
+						"openEuler-20.03-LTS-SP4:rapidjson-devel-1.1.0-12.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:rapidjson-help-1.1.0-12.oe2003sp4.noarch"
+					],
+					"details":"rapidjson security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1857"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.8,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-24.03-LTS:rapidjson-1.1.0-13.oe2403.src",
+						"openEuler-22.03-LTS-SP4:rapidjson-1.1.0-12.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP1:rapidjson-1.1.0-11.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP3:rapidjson-1.1.0-12.oe2203sp3.src",
+						"openEuler-20.03-LTS-SP4:rapidjson-1.1.0-12.oe2003sp4.src",
+						"openEuler-24.03-LTS:rapidjson-devel-1.1.0-13.oe2403.noarch",
+						"openEuler-24.03-LTS:rapidjson-help-1.1.0-13.oe2403.noarch",
+						"openEuler-22.03-LTS-SP4:rapidjson-devel-1.1.0-12.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:rapidjson-help-1.1.0-12.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP1:rapidjson-devel-1.1.0-11.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:rapidjson-help-1.1.0-11.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP3:rapidjson-devel-1.1.0-12.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:rapidjson-help-1.1.0-12.oe2203sp3.noarch",
+						"openEuler-20.03-LTS-SP4:rapidjson-devel-1.1.0-12.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:rapidjson-help-1.1.0-12.oe2003sp4.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-38517"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1858.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1858.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1859.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1859.json
@ -0,0 +1,526 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Critical"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"firefox security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for firefox is now available for openEuler-20.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"Mozilla Firefox is a standalone web browser, designed for standards compliance and performance.  Its functionality can be enhanced via a plethora of extensions.\n\nSecurity Fix(es):Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.\n\nSecurity Fix(es):\n\nWhen processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.(CVE-2020-15675)\n\nUsing the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.(CVE-2021-23954)\n\nIf an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.(CVE-2022-45406)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for firefox is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Critical",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"firefox",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1859",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1859"
+			},
+			{
+				"summary":"CVE-2020-15675",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2020-15675&packageName=firefox"
+			},
+			{
+				"summary":"CVE-2021-23954",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-23954&packageName=firefox"
+			},
+			{
+				"summary":"CVE-2022-45406",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-45406&packageName=firefox"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15675"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23954"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45406"
+			},
+			{
+				"summary":"openEuler-SA-2024-1859 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1859.json"
+			}
+		],
+		"title":"An update for firefox is now available for openEuler-20.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:23:59+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:23:59+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:23:59+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:23:59+08:00",
+			"id":"openEuler-SA-2024-1859",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"openEuler-20.03-LTS-SP4",
+									"name":"openEuler-20.03-LTS-SP4"
+								},
+								"name":"openEuler-20.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"firefox-79.0-26.oe2003sp4.aarch64.rpm",
+									"name":"firefox-79.0-26.oe2003sp4.aarch64.rpm"
+								},
+								"name":"firefox-79.0-26.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"firefox-debuginfo-79.0-26.oe2003sp4.aarch64.rpm",
+									"name":"firefox-debuginfo-79.0-26.oe2003sp4.aarch64.rpm"
+								},
+								"name":"firefox-debuginfo-79.0-26.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"firefox-debugsource-79.0-26.oe2003sp4.aarch64.rpm",
+									"name":"firefox-debugsource-79.0-26.oe2003sp4.aarch64.rpm"
+								},
+								"name":"firefox-debugsource-79.0-26.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"firefox-79.0-26.oe2003sp4.src.rpm",
+									"name":"firefox-79.0-26.oe2003sp4.src.rpm"
+								},
+								"name":"firefox-79.0-26.oe2003sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"firefox-79.0-26.oe2003sp4.x86_64.rpm",
+									"name":"firefox-79.0-26.oe2003sp4.x86_64.rpm"
+								},
+								"name":"firefox-79.0-26.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"firefox-debuginfo-79.0-26.oe2003sp4.x86_64.rpm",
+									"name":"firefox-debuginfo-79.0-26.oe2003sp4.x86_64.rpm"
+								},
+								"name":"firefox-debuginfo-79.0-26.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"firefox-debugsource-79.0-26.oe2003sp4.x86_64.rpm",
+									"name":"firefox-debugsource-79.0-26.oe2003sp4.x86_64.rpm"
+								},
+								"name":"firefox-debugsource-79.0-26.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64.rpm",
+									"name":"mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64.rpm"
+								},
+								"name":"mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"firefox-79.0-26.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.aarch64",
+					"name":"firefox-79.0-26.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"firefox-debuginfo-79.0-26.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.aarch64",
+					"name":"firefox-debuginfo-79.0-26.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"firefox-debugsource-79.0-26.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.aarch64",
+					"name":"firefox-debugsource-79.0-26.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"firefox-79.0-26.oe2003sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.src",
+					"name":"firefox-79.0-26.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"firefox-79.0-26.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.x86_64",
+					"name":"firefox-79.0-26.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"firefox-debuginfo-79.0-26.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.x86_64",
+					"name":"firefox-debuginfo-79.0-26.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"firefox-debugsource-79.0-26.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.x86_64",
+					"name":"firefox-debugsource-79.0-26.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64",
+					"name":"mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2020-15675",
+			"notes":[
+				{
+					"text":"When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.src",
+					"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64"
+					],
+					"details":"firefox security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1859"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.8,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2020-15675"
+		},
+		{
+			"cve":"CVE-2021-23954",
+			"notes":[
+				{
+					"text":"Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.src",
+					"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64"
+					],
+					"details":"firefox security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1859"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.8,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2021-23954"
+		},
+		{
+			"cve":"CVE-2022-45406",
+			"notes":[
+				{
+					"text":"If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.src",
+					"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64"
+					],
+					"details":"firefox security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1859"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"CRITICAL",
+						"baseScore":9.8,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:firefox-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:firefox-debuginfo-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:firefox-debugsource-79.0-26.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:mozilla-crashreporter-firefox-debuginfo-79.0-26.oe2003sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Critical",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-45406"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1860.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1860.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1861.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1861.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1862.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1862.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1863.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1863.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1864.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1864.json
@ -0,0 +1,903 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"kernel security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for kernel is now available for openEuler-22.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"The Linux Kernel, the operating system core itself.\n\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq\n\nUndefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called\nwith hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0.\nIn that case, \"roundup_pow_of_two(hwq_attr->aux_stride)\" gets called.\nroundup_pow_of_two is documented as undefined for 0.\n\nFix it in the one caller that had this combination.\n\nThe undefined behavior was detected by UBSAN:\n  UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13\n  shift exponent 64 is too large for 64-bit type 'long unsigned int'\n  CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4\n  Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x5d/0x80\n   ubsan_epilogue+0x5/0x30\n   __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec\n   __roundup_pow_of_two+0x25/0x35 [bnxt_re]\n   bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]\n   bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]\n   bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? __kmalloc+0x1b6/0x4f0\n   ? create_qp.part.0+0x128/0x1c0 [ib_core]\n   ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]\n   create_qp.part.0+0x128/0x1c0 [ib_core]\n   ib_create_qp_kernel+0x50/0xd0 [ib_core]\n   create_mad_qp+0x8e/0xe0 [ib_core]\n   ? __pfx_qp_event_handler+0x10/0x10 [ib_core]\n   ib_mad_init_device+0x2be/0x680 [ib_core]\n   add_client_context+0x10d/0x1a0 [ib_core]\n   enable_device_and_get+0xe0/0x1d0 [ib_core]\n   ib_register_device+0x53c/0x630 [ib_core]\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   bnxt_re_probe+0xbd8/0xe50 [bnxt_re]\n   ? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]\n   auxiliary_bus_probe+0x49/0x80\n   ? driver_sysfs_add+0x57/0xc0\n   really_probe+0xde/0x340\n   ? pm_runtime_barrier+0x54/0x90\n   ? __pfx___driver_attach+0x10/0x10\n   __driver_probe_device+0x78/0x110\n   driver_probe_device+0x1f/0xa0\n   __driver_attach+0xba/0x1c0\n   bus_for_each_dev+0x8f/0xe0\n   bus_add_driver+0x146/0x220\n   driver_register+0x72/0xd0\n   __auxiliary_driver_register+0x6e/0xd0\n   ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n   bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]\n   ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n   do_one_initcall+0x5b/0x310\n   do_init_module+0x90/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x121/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x82/0x160\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? syscall_exit_to_user_mode_prepare+0x149/0x170\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? syscall_exit_to_user_mode+0x75/0x230\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? do_syscall_64+0x8e/0x160\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? __count_memcg_events+0x69/0x100\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? count_memcg_events.constprop.0+0x1a/0x30\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? handle_mm_fault+0x1f0/0x300\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? do_user_addr_fault+0x34e/0x640\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  RIP: 0033:0x7f4e5132821d\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d\n  RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b\n  RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0\n  R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d\n  R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60\n   </TASK>\n  ---[ end trace ]---(CVE-2024-38540)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for kernel is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"kernel",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1864",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1864"
+			},
+			{
+				"summary":"CVE-2024-38540",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-38540&packageName=kernel"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-38540"
+			},
+			{
+				"summary":"openEuler-SA-2024-1864 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1864.json"
+			}
+		],
+		"title":"An update for kernel is now available for openEuler-22.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:09+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:09+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:09+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:09+08:00",
+			"id":"openEuler-SA-2024-1864",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openEuler-22.03-LTS-SP4",
+									"name":"openEuler-22.03-LTS-SP4"
+								},
+								"name":"openEuler-22.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"bpftool-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"bpftool-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"bpftool-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"kernel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"kernel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"kernel-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"kernel-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-headers-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"kernel-headers-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"kernel-headers-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-source-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"kernel-source-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"kernel-source-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-tools-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"kernel-tools-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"kernel-tools-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"perf-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"perf-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"perf-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"python3-perf-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"python3-perf-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"python3-perf-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+									"name":"python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm"
+								},
+								"name":"python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"bpftool-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"bpftool-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"bpftool-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"kernel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"kernel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"kernel-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"kernel-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-headers-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"kernel-headers-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"kernel-headers-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-source-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"kernel-source-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"kernel-source-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-tools-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"kernel-tools-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"kernel-tools-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"perf-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"perf-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"perf-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"python3-perf-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"python3-perf-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"python3-perf-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+									"name":"python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm"
+								},
+								"name":"python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"kernel-5.10.0-219.0.0.118.oe2203sp4.src.rpm",
+									"name":"kernel-5.10.0-219.0.0.118.oe2203sp4.src.rpm"
+								},
+								"name":"kernel-5.10.0-219.0.0.118.oe2203sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"bpftool-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:bpftool-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"bpftool-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"kernel-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"kernel-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-headers-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"kernel-headers-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-source-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"kernel-source-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-tools-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"kernel-tools-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"perf-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:perf-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"perf-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"python3-perf-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"python3-perf-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"name":"python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"bpftool-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:bpftool-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"bpftool-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"kernel-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"kernel-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-headers-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"kernel-headers-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-source-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"kernel-source-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-tools-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"kernel-tools-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"perf-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:perf-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"perf-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"python3-perf-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"python3-perf-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"name":"python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"kernel-5.10.0-219.0.0.118.oe2203sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:kernel-5.10.0-219.0.0.118.oe2203sp4.src",
+					"name":"kernel-5.10.0-219.0.0.118.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-38540",
+			"notes":[
+				{
+					"text":"In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq\n\nUndefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called\nwith hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0.\nIn that case, \"roundup_pow_of_two(hwq_attr->aux_stride)\" gets called.\nroundup_pow_of_two is documented as undefined for 0.\n\nFix it in the one caller that had this combination.\n\nThe undefined behavior was detected by UBSAN:\n  UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13\n  shift exponent 64 is too large for 64-bit type 'long unsigned int'\n  CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4\n  Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023\n  Call Trace:\n   <TASK>\n   dump_stack_lvl+0x5d/0x80\n   ubsan_epilogue+0x5/0x30\n   __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec\n   __roundup_pow_of_two+0x25/0x35 [bnxt_re]\n   bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]\n   bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]\n   bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? __kmalloc+0x1b6/0x4f0\n   ? create_qp.part.0+0x128/0x1c0 [ib_core]\n   ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]\n   create_qp.part.0+0x128/0x1c0 [ib_core]\n   ib_create_qp_kernel+0x50/0xd0 [ib_core]\n   create_mad_qp+0x8e/0xe0 [ib_core]\n   ? __pfx_qp_event_handler+0x10/0x10 [ib_core]\n   ib_mad_init_device+0x2be/0x680 [ib_core]\n   add_client_context+0x10d/0x1a0 [ib_core]\n   enable_device_and_get+0xe0/0x1d0 [ib_core]\n   ib_register_device+0x53c/0x630 [ib_core]\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   bnxt_re_probe+0xbd8/0xe50 [bnxt_re]\n   ? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]\n   auxiliary_bus_probe+0x49/0x80\n   ? driver_sysfs_add+0x57/0xc0\n   really_probe+0xde/0x340\n   ? pm_runtime_barrier+0x54/0x90\n   ? __pfx___driver_attach+0x10/0x10\n   __driver_probe_device+0x78/0x110\n   driver_probe_device+0x1f/0xa0\n   __driver_attach+0xba/0x1c0\n   bus_for_each_dev+0x8f/0xe0\n   bus_add_driver+0x146/0x220\n   driver_register+0x72/0xd0\n   __auxiliary_driver_register+0x6e/0xd0\n   ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n   bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]\n   ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n   do_one_initcall+0x5b/0x310\n   do_init_module+0x90/0x250\n   init_module_from_file+0x86/0xc0\n   idempotent_init_module+0x121/0x2b0\n   __x64_sys_finit_module+0x5e/0xb0\n   do_syscall_64+0x82/0x160\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? syscall_exit_to_user_mode_prepare+0x149/0x170\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? syscall_exit_to_user_mode+0x75/0x230\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? do_syscall_64+0x8e/0x160\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? __count_memcg_events+0x69/0x100\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? count_memcg_events.constprop.0+0x1a/0x30\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? handle_mm_fault+0x1f0/0x300\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? do_user_addr_fault+0x34e/0x640\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   ? srso_alias_return_thunk+0x5/0xfbef5\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n  RIP: 0033:0x7f4e5132821d\n  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48\n  RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n  RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d\n  RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b\n  RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0\n  R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d\n  R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60\n   </TASK>\n  ---[ end trace ]---",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:bpftool-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:kernel-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:perf-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:bpftool-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:kernel-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:perf-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:kernel-5.10.0-219.0.0.118.oe2203sp4.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:bpftool-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:perf-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:bpftool-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:perf-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-5.10.0-219.0.0.118.oe2203sp4.src"
+					],
+					"details":"kernel security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1864"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.5,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:bpftool-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:perf-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:bpftool-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:bpftool-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-debugsource-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-headers-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-source-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-tools-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-tools-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-tools-devel-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:perf-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:python3-perf-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:python3-perf-debuginfo-5.10.0-219.0.0.118.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:kernel-5.10.0-219.0.0.118.oe2203sp4.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-38540"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1865.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1865.json
@ -0,0 +1,340 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"python-pip security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for python-pip is now available for openEuler-24.03-LTS",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-/bash_completion.d}) Name:           python-pip Version:        20.2.2 Release:        4 Summary:        A tool for installing and managing Python packages License:        MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) URL:            http://www.pip-installer.org Source0:        https://files.pythonhosted.org/packages/source/p/pip/pip-.tar.gz BuildArch:      noarch Patch1:         allow-stripping-given-prefix-from-wheel-RECORD-files. Patch2:         emit-a-warning-when-running-with-root-privileges.patch Patch3:         remove-existing-dist-only-if-path-conflicts.patch Patch6000:      dummy-certifi.patch Patch6001:      backport-CVE-2021-3572.patch\n\nSecurity Fix(es):\n\nurllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n(CVE-2023-45803)\n\n urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.(CVE-2024-37891)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for python-pip is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"python-pip",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1865",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1865"
+			},
+			{
+				"summary":"CVE-2023-45803",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-45803&packageName=python-pip"
+			},
+			{
+				"summary":"CVE-2024-37891",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37891&packageName=python-pip"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45803"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37891"
+			},
+			{
+				"summary":"openEuler-SA-2024-1865 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1865.json"
+			}
+		],
+		"title":"An update for python-pip is now available for openEuler-24.03-LTS",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:10+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:10+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:10+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:10+08:00",
+			"id":"openEuler-SA-2024-1865",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"openEuler-24.03-LTS",
+									"name":"openEuler-24.03-LTS"
+								},
+								"name":"openEuler-24.03-LTS",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"python-pip-23.3.1-2.oe2403.src.rpm",
+									"name":"python-pip-23.3.1-2.oe2403.src.rpm"
+								},
+								"name":"python-pip-23.3.1-2.oe2403.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"python-pip-help-23.3.1-2.oe2403.noarch.rpm",
+									"name":"python-pip-help-23.3.1-2.oe2403.noarch.rpm"
+								},
+								"name":"python-pip-help-23.3.1-2.oe2403.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"python-pip-wheel-23.3.1-2.oe2403.noarch.rpm",
+									"name":"python-pip-wheel-23.3.1-2.oe2403.noarch.rpm"
+								},
+								"name":"python-pip-wheel-23.3.1-2.oe2403.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"python3-pip-23.3.1-2.oe2403.noarch.rpm",
+									"name":"python3-pip-23.3.1-2.oe2403.noarch.rpm"
+								},
+								"name":"python3-pip-23.3.1-2.oe2403.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"python-pip-23.3.1-2.oe2403.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:python-pip-23.3.1-2.oe2403.src",
+					"name":"python-pip-23.3.1-2.oe2403.src as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"python-pip-help-23.3.1-2.oe2403.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:python-pip-help-23.3.1-2.oe2403.noarch",
+					"name":"python-pip-help-23.3.1-2.oe2403.noarch as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"python-pip-wheel-23.3.1-2.oe2403.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:python-pip-wheel-23.3.1-2.oe2403.noarch",
+					"name":"python-pip-wheel-23.3.1-2.oe2403.noarch as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"python3-pip-23.3.1-2.oe2403.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:python3-pip-23.3.1-2.oe2403.noarch",
+					"name":"python3-pip-23.3.1-2.oe2403.noarch as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2023-45803",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-24.03-LTS:python-pip-23.3.1-2.oe2403.src",
+					"openEuler-24.03-LTS:python-pip-help-23.3.1-2.oe2403.noarch",
+					"openEuler-24.03-LTS:python-pip-wheel-23.3.1-2.oe2403.noarch",
+					"openEuler-24.03-LTS:python3-pip-23.3.1-2.oe2403.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-24.03-LTS:python-pip-23.3.1-2.oe2403.src",
+						"openEuler-24.03-LTS:python-pip-help-23.3.1-2.oe2403.noarch",
+						"openEuler-24.03-LTS:python-pip-wheel-23.3.1-2.oe2403.noarch",
+						"openEuler-24.03-LTS:python3-pip-23.3.1-2.oe2403.noarch"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1865"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":4.2,
+						"vectorString":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-24.03-LTS:python-pip-23.3.1-2.oe2403.src",
+						"openEuler-24.03-LTS:python-pip-help-23.3.1-2.oe2403.noarch",
+						"openEuler-24.03-LTS:python-pip-wheel-23.3.1-2.oe2403.noarch",
+						"openEuler-24.03-LTS:python3-pip-23.3.1-2.oe2403.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2023-45803"
+		},
+		{
+			"cve":"CVE-2024-37891",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. When using urllib3 s proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3 s proxy support, it s possible to accidentally configure the `Proxy-Authorization` header even though it won t have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn t treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn t strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3 s proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren t using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3 s built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3 s `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-24.03-LTS:python-pip-23.3.1-2.oe2403.src",
+					"openEuler-24.03-LTS:python-pip-help-23.3.1-2.oe2403.noarch",
+					"openEuler-24.03-LTS:python-pip-wheel-23.3.1-2.oe2403.noarch",
+					"openEuler-24.03-LTS:python3-pip-23.3.1-2.oe2403.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-24.03-LTS:python-pip-23.3.1-2.oe2403.src",
+						"openEuler-24.03-LTS:python-pip-help-23.3.1-2.oe2403.noarch",
+						"openEuler-24.03-LTS:python-pip-wheel-23.3.1-2.oe2403.noarch",
+						"openEuler-24.03-LTS:python3-pip-23.3.1-2.oe2403.noarch"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1865"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":4.4,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-24.03-LTS:python-pip-23.3.1-2.oe2403.src",
+						"openEuler-24.03-LTS:python-pip-help-23.3.1-2.oe2403.noarch",
+						"openEuler-24.03-LTS:python-pip-wheel-23.3.1-2.oe2403.noarch",
+						"openEuler-24.03-LTS:python3-pip-23.3.1-2.oe2403.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-37891"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1866.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1866.json
@ -0,0 +1,340 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"python-pip security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for python-pip is now available for openEuler-22.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-/bash_completion.d}) Name:           python-pip Version:        20.2.2 Release:        4 Summary:        A tool for installing and managing Python packages License:        MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) URL:            http://www.pip-installer.org Source0:        https://files.pythonhosted.org/packages/source/p/pip/pip-.tar.gz BuildArch:      noarch Patch1:         allow-stripping-given-prefix-from-wheel-RECORD-files. Patch2:         emit-a-warning-when-running-with-root-privileges.patch Patch3:         remove-existing-dist-only-if-path-conflicts.patch Patch6000:      dummy-certifi.patch Patch6001:      backport-CVE-2021-3572.patch\n\nSecurity Fix(es):\n\nurllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n(CVE-2023-45803)\n\n urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.(CVE-2024-37891)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for python-pip is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"python-pip",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1866",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1866"
+			},
+			{
+				"summary":"CVE-2023-45803",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-45803&packageName=python-pip"
+			},
+			{
+				"summary":"CVE-2024-37891",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37891&packageName=python-pip"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45803"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37891"
+			},
+			{
+				"summary":"openEuler-SA-2024-1866 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1866.json"
+			}
+		],
+		"title":"An update for python-pip is now available for openEuler-22.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:11+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:11+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:11+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:11+08:00",
+			"id":"openEuler-SA-2024-1866",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openEuler-22.03-LTS-SP4",
+									"name":"openEuler-22.03-LTS-SP4"
+								},
+								"name":"openEuler-22.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"python-pip-21.3.1-8.oe2203sp4.src.rpm",
+									"name":"python-pip-21.3.1-8.oe2203sp4.src.rpm"
+								},
+								"name":"python-pip-21.3.1-8.oe2203sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"python-pip-help-21.3.1-8.oe2203sp4.noarch.rpm",
+									"name":"python-pip-help-21.3.1-8.oe2203sp4.noarch.rpm"
+								},
+								"name":"python-pip-help-21.3.1-8.oe2203sp4.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"python-pip-wheel-21.3.1-8.oe2203sp4.noarch.rpm",
+									"name":"python-pip-wheel-21.3.1-8.oe2203sp4.noarch.rpm"
+								},
+								"name":"python-pip-wheel-21.3.1-8.oe2203sp4.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"python3-pip-21.3.1-8.oe2203sp4.noarch.rpm",
+									"name":"python3-pip-21.3.1-8.oe2203sp4.noarch.rpm"
+								},
+								"name":"python3-pip-21.3.1-8.oe2203sp4.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"python-pip-21.3.1-8.oe2203sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:python-pip-21.3.1-8.oe2203sp4.src",
+					"name":"python-pip-21.3.1-8.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"python-pip-help-21.3.1-8.oe2203sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:python-pip-help-21.3.1-8.oe2203sp4.noarch",
+					"name":"python-pip-help-21.3.1-8.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"python-pip-wheel-21.3.1-8.oe2203sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:python-pip-wheel-21.3.1-8.oe2203sp4.noarch",
+					"name":"python-pip-wheel-21.3.1-8.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"python3-pip-21.3.1-8.oe2203sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:python3-pip-21.3.1-8.oe2203sp4.noarch",
+					"name":"python3-pip-21.3.1-8.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2023-45803",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:python-pip-21.3.1-8.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:python-pip-help-21.3.1-8.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP4:python-pip-wheel-21.3.1-8.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP4:python3-pip-21.3.1-8.oe2203sp4.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:python-pip-21.3.1-8.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:python-pip-help-21.3.1-8.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:python-pip-wheel-21.3.1-8.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:python3-pip-21.3.1-8.oe2203sp4.noarch"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1866"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":4.2,
+						"vectorString":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:python-pip-21.3.1-8.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:python-pip-help-21.3.1-8.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:python-pip-wheel-21.3.1-8.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:python3-pip-21.3.1-8.oe2203sp4.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2023-45803"
+		},
+		{
+			"cve":"CVE-2024-37891",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. When using urllib3 s proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3 s proxy support, it s possible to accidentally configure the `Proxy-Authorization` header even though it won t have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn t treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn t strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3 s proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren t using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3 s built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3 s `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:python-pip-21.3.1-8.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:python-pip-help-21.3.1-8.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP4:python-pip-wheel-21.3.1-8.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP4:python3-pip-21.3.1-8.oe2203sp4.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:python-pip-21.3.1-8.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:python-pip-help-21.3.1-8.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:python-pip-wheel-21.3.1-8.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:python3-pip-21.3.1-8.oe2203sp4.noarch"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1866"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":4.4,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:python-pip-21.3.1-8.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:python-pip-help-21.3.1-8.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:python-pip-wheel-21.3.1-8.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:python3-pip-21.3.1-8.oe2203sp4.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-37891"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1867.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1867.json
@ -0,0 +1,404 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"python-pip security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for python-pip is now available for openEuler-22.03-LTS-SP1",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-/bash_completion.d}) Name:           python-pip Version:        20.2.2 Release:        4 Summary:        A tool for installing and managing Python packages License:        MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) URL:            http://www.pip-installer.org Source0:        https://files.pythonhosted.org/packages/source/p/pip/pip-.tar.gz BuildArch:      noarch Patch1:         allow-stripping-given-prefix-from-wheel-RECORD-files. Patch2:         emit-a-warning-when-running-with-root-privileges.patch Patch3:         remove-existing-dist-only-if-path-conflicts.patch Patch6000:      dummy-certifi.patch Patch6001:      backport-CVE-2021-3572.patch\n\nSecurity Fix(es):\n\nurllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.(CVE-2023-43804)\n\nurllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n(CVE-2023-45803)\n\n urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.(CVE-2024-37891)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for python-pip is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"python-pip",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1867",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1867"
+			},
+			{
+				"summary":"CVE-2023-43804",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-43804&packageName=python-pip"
+			},
+			{
+				"summary":"CVE-2023-45803",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-45803&packageName=python-pip"
+			},
+			{
+				"summary":"CVE-2024-37891",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37891&packageName=python-pip"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43804"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45803"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37891"
+			},
+			{
+				"summary":"openEuler-SA-2024-1867 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1867.json"
+			}
+		],
+		"title":"An update for python-pip is now available for openEuler-22.03-LTS-SP1",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:13+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:13+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:13+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:13+08:00",
+			"id":"openEuler-SA-2024-1867",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openEuler-22.03-LTS-SP1",
+									"name":"openEuler-22.03-LTS-SP1"
+								},
+								"name":"openEuler-22.03-LTS-SP1",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"python-pip-help-21.3.1-6.oe2203sp1.noarch.rpm",
+									"name":"python-pip-help-21.3.1-6.oe2203sp1.noarch.rpm"
+								},
+								"name":"python-pip-help-21.3.1-6.oe2203sp1.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"python-pip-wheel-21.3.1-6.oe2203sp1.noarch.rpm",
+									"name":"python-pip-wheel-21.3.1-6.oe2203sp1.noarch.rpm"
+								},
+								"name":"python-pip-wheel-21.3.1-6.oe2203sp1.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"python3-pip-21.3.1-6.oe2203sp1.noarch.rpm",
+									"name":"python3-pip-21.3.1-6.oe2203sp1.noarch.rpm"
+								},
+								"name":"python3-pip-21.3.1-6.oe2203sp1.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"python-pip-21.3.1-6.oe2203sp1.src.rpm",
+									"name":"python-pip-21.3.1-6.oe2203sp1.src.rpm"
+								},
+								"name":"python-pip-21.3.1-6.oe2203sp1.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"python-pip-help-21.3.1-6.oe2203sp1.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:python-pip-help-21.3.1-6.oe2203sp1.noarch",
+					"name":"python-pip-help-21.3.1-6.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"python-pip-wheel-21.3.1-6.oe2203sp1.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:python-pip-wheel-21.3.1-6.oe2203sp1.noarch",
+					"name":"python-pip-wheel-21.3.1-6.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"python3-pip-21.3.1-6.oe2203sp1.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:python3-pip-21.3.1-6.oe2203sp1.noarch",
+					"name":"python3-pip-21.3.1-6.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"python-pip-21.3.1-6.oe2203sp1.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:python-pip-21.3.1-6.oe2203sp1.src",
+					"name":"python-pip-21.3.1-6.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2023-43804",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn t treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn t disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:python-pip-help-21.3.1-6.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:python-pip-wheel-21.3.1-6.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:python3-pip-21.3.1-6.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:python-pip-21.3.1-6.oe2203sp1.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:python-pip-help-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python-pip-wheel-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python3-pip-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python-pip-21.3.1-6.oe2203sp1.src"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1867"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.1,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:python-pip-help-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python-pip-wheel-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python3-pip-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python-pip-21.3.1-6.oe2203sp1.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2023-43804"
+		},
+		{
+			"cve":"CVE-2023-45803",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:python-pip-help-21.3.1-6.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:python-pip-wheel-21.3.1-6.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:python3-pip-21.3.1-6.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:python-pip-21.3.1-6.oe2203sp1.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:python-pip-help-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python-pip-wheel-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python3-pip-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python-pip-21.3.1-6.oe2203sp1.src"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1867"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":4.2,
+						"vectorString":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:python-pip-help-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python-pip-wheel-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python3-pip-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python-pip-21.3.1-6.oe2203sp1.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2023-45803"
+		},
+		{
+			"cve":"CVE-2024-37891",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. When using urllib3 s proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3 s proxy support, it s possible to accidentally configure the `Proxy-Authorization` header even though it won t have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn t treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn t strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3 s proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren t using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3 s built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3 s `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:python-pip-help-21.3.1-6.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:python-pip-wheel-21.3.1-6.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:python3-pip-21.3.1-6.oe2203sp1.noarch",
+					"openEuler-22.03-LTS-SP1:python-pip-21.3.1-6.oe2203sp1.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:python-pip-help-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python-pip-wheel-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python3-pip-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python-pip-21.3.1-6.oe2203sp1.src"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1867"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":4.4,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:python-pip-help-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python-pip-wheel-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python3-pip-21.3.1-6.oe2203sp1.noarch",
+						"openEuler-22.03-LTS-SP1:python-pip-21.3.1-6.oe2203sp1.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-37891"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1868.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1868.json
@ -0,0 +1,404 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"python-pip security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for python-pip is now available for openEuler-22.03-LTS-SP3",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-/bash_completion.d}) Name:           python-pip Version:        20.2.2 Release:        4 Summary:        A tool for installing and managing Python packages License:        MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) URL:            http://www.pip-installer.org Source0:        https://files.pythonhosted.org/packages/source/p/pip/pip-.tar.gz BuildArch:      noarch Patch1:         allow-stripping-given-prefix-from-wheel-RECORD-files. Patch2:         emit-a-warning-when-running-with-root-privileges.patch Patch3:         remove-existing-dist-only-if-path-conflicts.patch Patch6000:      dummy-certifi.patch Patch6001:      backport-CVE-2021-3572.patch\n\nSecurity Fix(es):\n\nurllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.(CVE-2023-43804)\n\nurllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n(CVE-2023-45803)\n\n urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.(CVE-2024-37891)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for python-pip is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"python-pip",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1868",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1868"
+			},
+			{
+				"summary":"CVE-2023-43804",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-43804&packageName=python-pip"
+			},
+			{
+				"summary":"CVE-2023-45803",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-45803&packageName=python-pip"
+			},
+			{
+				"summary":"CVE-2024-37891",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37891&packageName=python-pip"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43804"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45803"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37891"
+			},
+			{
+				"summary":"openEuler-SA-2024-1868 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1868.json"
+			}
+		],
+		"title":"An update for python-pip is now available for openEuler-22.03-LTS-SP3",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:14+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:14+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:14+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:14+08:00",
+			"id":"openEuler-SA-2024-1868",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openEuler-22.03-LTS-SP3",
+									"name":"openEuler-22.03-LTS-SP3"
+								},
+								"name":"openEuler-22.03-LTS-SP3",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"python-pip-21.3.1-8.oe2203sp3.src.rpm",
+									"name":"python-pip-21.3.1-8.oe2203sp3.src.rpm"
+								},
+								"name":"python-pip-21.3.1-8.oe2203sp3.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"python-pip-help-21.3.1-8.oe2203sp3.noarch.rpm",
+									"name":"python-pip-help-21.3.1-8.oe2203sp3.noarch.rpm"
+								},
+								"name":"python-pip-help-21.3.1-8.oe2203sp3.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"python-pip-wheel-21.3.1-8.oe2203sp3.noarch.rpm",
+									"name":"python-pip-wheel-21.3.1-8.oe2203sp3.noarch.rpm"
+								},
+								"name":"python-pip-wheel-21.3.1-8.oe2203sp3.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"python3-pip-21.3.1-8.oe2203sp3.noarch.rpm",
+									"name":"python3-pip-21.3.1-8.oe2203sp3.noarch.rpm"
+								},
+								"name":"python3-pip-21.3.1-8.oe2203sp3.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"python-pip-21.3.1-8.oe2203sp3.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:python-pip-21.3.1-8.oe2203sp3.src",
+					"name":"python-pip-21.3.1-8.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"python-pip-help-21.3.1-8.oe2203sp3.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:python-pip-help-21.3.1-8.oe2203sp3.noarch",
+					"name":"python-pip-help-21.3.1-8.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"python-pip-wheel-21.3.1-8.oe2203sp3.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:python-pip-wheel-21.3.1-8.oe2203sp3.noarch",
+					"name":"python-pip-wheel-21.3.1-8.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"python3-pip-21.3.1-8.oe2203sp3.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:python3-pip-21.3.1-8.oe2203sp3.noarch",
+					"name":"python3-pip-21.3.1-8.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2023-43804",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn t treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn t disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:python-pip-21.3.1-8.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:python-pip-help-21.3.1-8.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:python-pip-wheel-21.3.1-8.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:python3-pip-21.3.1-8.oe2203sp3.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:python-pip-21.3.1-8.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:python-pip-help-21.3.1-8.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:python-pip-wheel-21.3.1-8.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:python3-pip-21.3.1-8.oe2203sp3.noarch"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1868"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.1,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:python-pip-21.3.1-8.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:python-pip-help-21.3.1-8.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:python-pip-wheel-21.3.1-8.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:python3-pip-21.3.1-8.oe2203sp3.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2023-43804"
+		},
+		{
+			"cve":"CVE-2023-45803",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:python-pip-21.3.1-8.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:python-pip-help-21.3.1-8.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:python-pip-wheel-21.3.1-8.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:python3-pip-21.3.1-8.oe2203sp3.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:python-pip-21.3.1-8.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:python-pip-help-21.3.1-8.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:python-pip-wheel-21.3.1-8.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:python3-pip-21.3.1-8.oe2203sp3.noarch"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1868"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":4.2,
+						"vectorString":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:python-pip-21.3.1-8.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:python-pip-help-21.3.1-8.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:python-pip-wheel-21.3.1-8.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:python3-pip-21.3.1-8.oe2203sp3.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2023-45803"
+		},
+		{
+			"cve":"CVE-2024-37891",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. When using urllib3 s proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3 s proxy support, it s possible to accidentally configure the `Proxy-Authorization` header even though it won t have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn t treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn t strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3 s proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren t using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3 s built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3 s `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:python-pip-21.3.1-8.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:python-pip-help-21.3.1-8.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:python-pip-wheel-21.3.1-8.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:python3-pip-21.3.1-8.oe2203sp3.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:python-pip-21.3.1-8.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:python-pip-help-21.3.1-8.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:python-pip-wheel-21.3.1-8.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:python3-pip-21.3.1-8.oe2203sp3.noarch"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1868"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":4.4,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:python-pip-21.3.1-8.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:python-pip-help-21.3.1-8.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:python-pip-wheel-21.3.1-8.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:python3-pip-21.3.1-8.oe2203sp3.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-37891"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1869.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1869.json
@ -0,0 +1,433 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"python-pip security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for python-pip is now available for openEuler-20.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-/bash_completion.d}) Name:           python-pip Version:        20.2.2 Release:        4 Summary:        A tool for installing and managing Python packages License:        MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) URL:            http://www.pip-installer.org Source0:        https://files.pythonhosted.org/packages/source/p/pip/pip-.tar.gz BuildArch:      noarch Patch1:         allow-stripping-given-prefix-from-wheel-RECORD-files. Patch2:         emit-a-warning-when-running-with-root-privileges.patch Patch3:         remove-existing-dist-only-if-path-conflicts.patch Patch6000:      dummy-certifi.patch Patch6001:      backport-CVE-2021-3572.patch\n\nSecurity Fix(es):\n\nurllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.(CVE-2023-43804)\n\nurllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n(CVE-2023-45803)\n\n urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.(CVE-2024-37891)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for python-pip is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"python-pip",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1869",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1869"
+			},
+			{
+				"summary":"CVE-2023-43804",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-43804&packageName=python-pip"
+			},
+			{
+				"summary":"CVE-2023-45803",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-45803&packageName=python-pip"
+			},
+			{
+				"summary":"CVE-2024-37891",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-37891&packageName=python-pip"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43804"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-45803"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-37891"
+			},
+			{
+				"summary":"openEuler-SA-2024-1869 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1869.json"
+			}
+		],
+		"title":"An update for python-pip is now available for openEuler-20.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:15+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:15+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:15+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:15+08:00",
+			"id":"openEuler-SA-2024-1869",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"openEuler-20.03-LTS-SP4",
+									"name":"openEuler-20.03-LTS-SP4"
+								},
+								"name":"openEuler-20.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"python-pip-20.2.2-9.oe2003sp4.src.rpm",
+									"name":"python-pip-20.2.2-9.oe2003sp4.src.rpm"
+								},
+								"name":"python-pip-20.2.2-9.oe2003sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"python-pip-help-20.2.2-9.oe2003sp4.noarch.rpm",
+									"name":"python-pip-help-20.2.2-9.oe2003sp4.noarch.rpm"
+								},
+								"name":"python-pip-help-20.2.2-9.oe2003sp4.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"python-pip-wheel-20.2.2-9.oe2003sp4.noarch.rpm",
+									"name":"python-pip-wheel-20.2.2-9.oe2003sp4.noarch.rpm"
+								},
+								"name":"python-pip-wheel-20.2.2-9.oe2003sp4.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"python2-pip-20.2.2-9.oe2003sp4.noarch.rpm",
+									"name":"python2-pip-20.2.2-9.oe2003sp4.noarch.rpm"
+								},
+								"name":"python2-pip-20.2.2-9.oe2003sp4.noarch.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"python3-pip-20.2.2-9.oe2003sp4.noarch.rpm",
+									"name":"python3-pip-20.2.2-9.oe2003sp4.noarch.rpm"
+								},
+								"name":"python3-pip-20.2.2-9.oe2003sp4.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"python-pip-20.2.2-9.oe2003sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:python-pip-20.2.2-9.oe2003sp4.src",
+					"name":"python-pip-20.2.2-9.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"python-pip-help-20.2.2-9.oe2003sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:python-pip-help-20.2.2-9.oe2003sp4.noarch",
+					"name":"python-pip-help-20.2.2-9.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"python-pip-wheel-20.2.2-9.oe2003sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:python-pip-wheel-20.2.2-9.oe2003sp4.noarch",
+					"name":"python-pip-wheel-20.2.2-9.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"python2-pip-20.2.2-9.oe2003sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:python2-pip-20.2.2-9.oe2003sp4.noarch",
+					"name":"python2-pip-20.2.2-9.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"python3-pip-20.2.2-9.oe2003sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:python3-pip-20.2.2-9.oe2003sp4.noarch",
+					"name":"python3-pip-20.2.2-9.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2023-43804",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn t treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn t disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:python-pip-20.2.2-9.oe2003sp4.src",
+					"openEuler-20.03-LTS-SP4:python-pip-help-20.2.2-9.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:python-pip-wheel-20.2.2-9.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:python2-pip-20.2.2-9.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:python3-pip-20.2.2-9.oe2003sp4.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:python-pip-20.2.2-9.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:python-pip-help-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python-pip-wheel-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python2-pip-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python3-pip-20.2.2-9.oe2003sp4.noarch"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1869"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.1,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:python-pip-20.2.2-9.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:python-pip-help-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python-pip-wheel-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python2-pip-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python3-pip-20.2.2-9.oe2003sp4.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2023-43804"
+		},
+		{
+			"cve":"CVE-2023-45803",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn t remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren t putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn t exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren t expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:python-pip-20.2.2-9.oe2003sp4.src",
+					"openEuler-20.03-LTS-SP4:python-pip-help-20.2.2-9.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:python-pip-wheel-20.2.2-9.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:python2-pip-20.2.2-9.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:python3-pip-20.2.2-9.oe2003sp4.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:python-pip-20.2.2-9.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:python-pip-help-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python-pip-wheel-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python2-pip-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python3-pip-20.2.2-9.oe2003sp4.noarch"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1869"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":4.2,
+						"vectorString":"CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:python-pip-20.2.2-9.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:python-pip-help-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python-pip-wheel-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python2-pip-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python3-pip-20.2.2-9.oe2003sp4.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2023-45803"
+		},
+		{
+			"cve":"CVE-2024-37891",
+			"notes":[
+				{
+					"text":"urllib3 is a user-friendly HTTP client library for Python. When using urllib3 s proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3 s proxy support, it s possible to accidentally configure the `Proxy-Authorization` header even though it won t have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn t treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn t strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3 s proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren t using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3 s built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3 s `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:python-pip-20.2.2-9.oe2003sp4.src",
+					"openEuler-20.03-LTS-SP4:python-pip-help-20.2.2-9.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:python-pip-wheel-20.2.2-9.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:python2-pip-20.2.2-9.oe2003sp4.noarch",
+					"openEuler-20.03-LTS-SP4:python3-pip-20.2.2-9.oe2003sp4.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:python-pip-20.2.2-9.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:python-pip-help-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python-pip-wheel-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python2-pip-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python3-pip-20.2.2-9.oe2003sp4.noarch"
+					],
+					"details":"python-pip security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1869"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":4.4,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:python-pip-20.2.2-9.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:python-pip-help-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python-pip-wheel-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python2-pip-20.2.2-9.oe2003sp4.noarch",
+						"openEuler-20.03-LTS-SP4:python3-pip-20.2.2-9.oe2003sp4.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-37891"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1870.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1870.json
@ -0,0 +1,610 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"openssh security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for openssh is now available for openEuler-22.03-LTS-SP1",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \\ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \\ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \\ capabilities, several authentication methods, and sophisticated configuration options.\n\nSecurity Fix(es):\n\nA race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.(CVE-2024-6409)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for openssh is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"openssh",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1870",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1870"
+			},
+			{
+				"summary":"CVE-2024-6409",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6409&packageName=openssh"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6409"
+			},
+			{
+				"summary":"openEuler-SA-2024-1870 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1870.json"
+			}
+		],
+		"title":"An update for openssh is now available for openEuler-22.03-LTS-SP1",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:16+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:16+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:16+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:16+08:00",
+			"id":"openEuler-SA-2024-1870",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openEuler-22.03-LTS-SP1",
+									"name":"openEuler-22.03-LTS-SP1"
+								},
+								"name":"openEuler-22.03-LTS-SP1",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-8.8p1-32.oe2203sp1.aarch64.rpm",
+									"name":"openssh-8.8p1-32.oe2203sp1.aarch64.rpm"
+								},
+								"name":"openssh-8.8p1-32.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-askpass-8.8p1-32.oe2203sp1.aarch64.rpm",
+									"name":"openssh-askpass-8.8p1-32.oe2203sp1.aarch64.rpm"
+								},
+								"name":"openssh-askpass-8.8p1-32.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-clients-8.8p1-32.oe2203sp1.aarch64.rpm",
+									"name":"openssh-clients-8.8p1-32.oe2203sp1.aarch64.rpm"
+								},
+								"name":"openssh-clients-8.8p1-32.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-debuginfo-8.8p1-32.oe2203sp1.aarch64.rpm",
+									"name":"openssh-debuginfo-8.8p1-32.oe2203sp1.aarch64.rpm"
+								},
+								"name":"openssh-debuginfo-8.8p1-32.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-debugsource-8.8p1-32.oe2203sp1.aarch64.rpm",
+									"name":"openssh-debugsource-8.8p1-32.oe2203sp1.aarch64.rpm"
+								},
+								"name":"openssh-debugsource-8.8p1-32.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-keycat-8.8p1-32.oe2203sp1.aarch64.rpm",
+									"name":"openssh-keycat-8.8p1-32.oe2203sp1.aarch64.rpm"
+								},
+								"name":"openssh-keycat-8.8p1-32.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-server-8.8p1-32.oe2203sp1.aarch64.rpm",
+									"name":"openssh-server-8.8p1-32.oe2203sp1.aarch64.rpm"
+								},
+								"name":"openssh-server-8.8p1-32.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.aarch64.rpm",
+									"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.aarch64.rpm"
+								},
+								"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-8.8p1-32.oe2203sp1.src.rpm",
+									"name":"openssh-8.8p1-32.oe2203sp1.src.rpm"
+								},
+								"name":"openssh-8.8p1-32.oe2203sp1.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-8.8p1-32.oe2203sp1.x86_64.rpm",
+									"name":"openssh-8.8p1-32.oe2203sp1.x86_64.rpm"
+								},
+								"name":"openssh-8.8p1-32.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-askpass-8.8p1-32.oe2203sp1.x86_64.rpm",
+									"name":"openssh-askpass-8.8p1-32.oe2203sp1.x86_64.rpm"
+								},
+								"name":"openssh-askpass-8.8p1-32.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-clients-8.8p1-32.oe2203sp1.x86_64.rpm",
+									"name":"openssh-clients-8.8p1-32.oe2203sp1.x86_64.rpm"
+								},
+								"name":"openssh-clients-8.8p1-32.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-debuginfo-8.8p1-32.oe2203sp1.x86_64.rpm",
+									"name":"openssh-debuginfo-8.8p1-32.oe2203sp1.x86_64.rpm"
+								},
+								"name":"openssh-debuginfo-8.8p1-32.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-debugsource-8.8p1-32.oe2203sp1.x86_64.rpm",
+									"name":"openssh-debugsource-8.8p1-32.oe2203sp1.x86_64.rpm"
+								},
+								"name":"openssh-debugsource-8.8p1-32.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-keycat-8.8p1-32.oe2203sp1.x86_64.rpm",
+									"name":"openssh-keycat-8.8p1-32.oe2203sp1.x86_64.rpm"
+								},
+								"name":"openssh-keycat-8.8p1-32.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-server-8.8p1-32.oe2203sp1.x86_64.rpm",
+									"name":"openssh-server-8.8p1-32.oe2203sp1.x86_64.rpm"
+								},
+								"name":"openssh-server-8.8p1-32.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.x86_64.rpm",
+									"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.x86_64.rpm"
+								},
+								"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openssh-help-8.8p1-32.oe2203sp1.noarch.rpm",
+									"name":"openssh-help-8.8p1-32.oe2203sp1.noarch.rpm"
+								},
+								"name":"openssh-help-8.8p1-32.oe2203sp1.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-8.8p1-32.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-8.8p1-32.oe2203sp1.aarch64",
+					"name":"openssh-8.8p1-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-askpass-8.8p1-32.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-askpass-8.8p1-32.oe2203sp1.aarch64",
+					"name":"openssh-askpass-8.8p1-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-clients-8.8p1-32.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-clients-8.8p1-32.oe2203sp1.aarch64",
+					"name":"openssh-clients-8.8p1-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-debuginfo-8.8p1-32.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-debuginfo-8.8p1-32.oe2203sp1.aarch64",
+					"name":"openssh-debuginfo-8.8p1-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-debugsource-8.8p1-32.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-debugsource-8.8p1-32.oe2203sp1.aarch64",
+					"name":"openssh-debugsource-8.8p1-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-keycat-8.8p1-32.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-keycat-8.8p1-32.oe2203sp1.aarch64",
+					"name":"openssh-keycat-8.8p1-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-server-8.8p1-32.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-server-8.8p1-32.oe2203sp1.aarch64",
+					"name":"openssh-server-8.8p1-32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.aarch64",
+					"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-8.8p1-32.oe2203sp1.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-8.8p1-32.oe2203sp1.src",
+					"name":"openssh-8.8p1-32.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-8.8p1-32.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-8.8p1-32.oe2203sp1.x86_64",
+					"name":"openssh-8.8p1-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-askpass-8.8p1-32.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-askpass-8.8p1-32.oe2203sp1.x86_64",
+					"name":"openssh-askpass-8.8p1-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-clients-8.8p1-32.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-clients-8.8p1-32.oe2203sp1.x86_64",
+					"name":"openssh-clients-8.8p1-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-debuginfo-8.8p1-32.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-debuginfo-8.8p1-32.oe2203sp1.x86_64",
+					"name":"openssh-debuginfo-8.8p1-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-debugsource-8.8p1-32.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-debugsource-8.8p1-32.oe2203sp1.x86_64",
+					"name":"openssh-debugsource-8.8p1-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-keycat-8.8p1-32.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-keycat-8.8p1-32.oe2203sp1.x86_64",
+					"name":"openssh-keycat-8.8p1-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-server-8.8p1-32.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-server-8.8p1-32.oe2203sp1.x86_64",
+					"name":"openssh-server-8.8p1-32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.x86_64",
+					"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"openssh-help-8.8p1-32.oe2203sp1.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:openssh-help-8.8p1-32.oe2203sp1.noarch",
+					"name":"openssh-help-8.8p1-32.oe2203sp1.noarch as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-6409",
+			"notes":[
+				{
+					"text":"A signal handler race condition vulnerability was found in OpenSSH s server (sshd) in Red Hat Enterprise Linux 9, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server. As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution (RCE) within unprivileged user running the sshd server. This vulnerability affects only the sshd server shipped with Red Hat Enterprise Linux 9, while upstream versions of sshd are not impact by this flaw.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:openssh-8.8p1-32.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:openssh-askpass-8.8p1-32.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:openssh-clients-8.8p1-32.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:openssh-debuginfo-8.8p1-32.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:openssh-debugsource-8.8p1-32.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:openssh-keycat-8.8p1-32.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:openssh-server-8.8p1-32.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:openssh-8.8p1-32.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP1:openssh-8.8p1-32.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:openssh-askpass-8.8p1-32.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:openssh-clients-8.8p1-32.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:openssh-debuginfo-8.8p1-32.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:openssh-debugsource-8.8p1-32.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:openssh-keycat-8.8p1-32.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:openssh-server-8.8p1-32.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:openssh-help-8.8p1-32.oe2203sp1.noarch"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:openssh-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-askpass-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-clients-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-debuginfo-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-debugsource-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-keycat-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-server-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-8.8p1-32.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:openssh-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-askpass-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-clients-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-debuginfo-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-debugsource-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-keycat-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-server-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-help-8.8p1-32.oe2203sp1.noarch"
+					],
+					"details":"openssh security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1870"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.0,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:openssh-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-askpass-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-clients-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-debuginfo-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-debugsource-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-keycat-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-server-8.8p1-32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:openssh-8.8p1-32.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:openssh-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-askpass-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-clients-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-debuginfo-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-debugsource-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-keycat-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-server-8.8p1-32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:openssh-help-8.8p1-32.oe2203sp1.noarch"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-6409"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1871.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1871.json
@ -0,0 +1,610 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"openssh security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for openssh is now available for openEuler-22.03-LTS-SP3",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \\ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \\ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \\ capabilities, several authentication methods, and sophisticated configuration options.\n\nSecurity Fix(es):\n\nA race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.(CVE-2024-6409)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for openssh is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"openssh",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1871",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1871"
+			},
+			{
+				"summary":"CVE-2024-6409",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6409&packageName=openssh"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6409"
+			},
+			{
+				"summary":"openEuler-SA-2024-1871 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1871.json"
+			}
+		],
+		"title":"An update for openssh is now available for openEuler-22.03-LTS-SP3",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:18+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:18+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:18+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:18+08:00",
+			"id":"openEuler-SA-2024-1871",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openEuler-22.03-LTS-SP3",
+									"name":"openEuler-22.03-LTS-SP3"
+								},
+								"name":"openEuler-22.03-LTS-SP3",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-8.8p1-32.oe2203sp3.src.rpm",
+									"name":"openssh-8.8p1-32.oe2203sp3.src.rpm"
+								},
+								"name":"openssh-8.8p1-32.oe2203sp3.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-8.8p1-32.oe2203sp3.x86_64.rpm",
+									"name":"openssh-8.8p1-32.oe2203sp3.x86_64.rpm"
+								},
+								"name":"openssh-8.8p1-32.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-askpass-8.8p1-32.oe2203sp3.x86_64.rpm",
+									"name":"openssh-askpass-8.8p1-32.oe2203sp3.x86_64.rpm"
+								},
+								"name":"openssh-askpass-8.8p1-32.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-clients-8.8p1-32.oe2203sp3.x86_64.rpm",
+									"name":"openssh-clients-8.8p1-32.oe2203sp3.x86_64.rpm"
+								},
+								"name":"openssh-clients-8.8p1-32.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-debuginfo-8.8p1-32.oe2203sp3.x86_64.rpm",
+									"name":"openssh-debuginfo-8.8p1-32.oe2203sp3.x86_64.rpm"
+								},
+								"name":"openssh-debuginfo-8.8p1-32.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-debugsource-8.8p1-32.oe2203sp3.x86_64.rpm",
+									"name":"openssh-debugsource-8.8p1-32.oe2203sp3.x86_64.rpm"
+								},
+								"name":"openssh-debugsource-8.8p1-32.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-keycat-8.8p1-32.oe2203sp3.x86_64.rpm",
+									"name":"openssh-keycat-8.8p1-32.oe2203sp3.x86_64.rpm"
+								},
+								"name":"openssh-keycat-8.8p1-32.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-server-8.8p1-32.oe2203sp3.x86_64.rpm",
+									"name":"openssh-server-8.8p1-32.oe2203sp3.x86_64.rpm"
+								},
+								"name":"openssh-server-8.8p1-32.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.x86_64.rpm",
+									"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.x86_64.rpm"
+								},
+								"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-help-8.8p1-32.oe2203sp3.noarch.rpm",
+									"name":"openssh-help-8.8p1-32.oe2203sp3.noarch.rpm"
+								},
+								"name":"openssh-help-8.8p1-32.oe2203sp3.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-8.8p1-32.oe2203sp3.aarch64.rpm",
+									"name":"openssh-8.8p1-32.oe2203sp3.aarch64.rpm"
+								},
+								"name":"openssh-8.8p1-32.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-askpass-8.8p1-32.oe2203sp3.aarch64.rpm",
+									"name":"openssh-askpass-8.8p1-32.oe2203sp3.aarch64.rpm"
+								},
+								"name":"openssh-askpass-8.8p1-32.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-clients-8.8p1-32.oe2203sp3.aarch64.rpm",
+									"name":"openssh-clients-8.8p1-32.oe2203sp3.aarch64.rpm"
+								},
+								"name":"openssh-clients-8.8p1-32.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-debuginfo-8.8p1-32.oe2203sp3.aarch64.rpm",
+									"name":"openssh-debuginfo-8.8p1-32.oe2203sp3.aarch64.rpm"
+								},
+								"name":"openssh-debuginfo-8.8p1-32.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-debugsource-8.8p1-32.oe2203sp3.aarch64.rpm",
+									"name":"openssh-debugsource-8.8p1-32.oe2203sp3.aarch64.rpm"
+								},
+								"name":"openssh-debugsource-8.8p1-32.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-keycat-8.8p1-32.oe2203sp3.aarch64.rpm",
+									"name":"openssh-keycat-8.8p1-32.oe2203sp3.aarch64.rpm"
+								},
+								"name":"openssh-keycat-8.8p1-32.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openssh-server-8.8p1-32.oe2203sp3.aarch64.rpm",
+									"name":"openssh-server-8.8p1-32.oe2203sp3.aarch64.rpm"
+								},
+								"name":"openssh-server-8.8p1-32.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.aarch64.rpm",
+									"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.aarch64.rpm"
+								},
+								"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-8.8p1-32.oe2203sp3.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-8.8p1-32.oe2203sp3.src",
+					"name":"openssh-8.8p1-32.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-8.8p1-32.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-8.8p1-32.oe2203sp3.x86_64",
+					"name":"openssh-8.8p1-32.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-askpass-8.8p1-32.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-askpass-8.8p1-32.oe2203sp3.x86_64",
+					"name":"openssh-askpass-8.8p1-32.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-clients-8.8p1-32.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-clients-8.8p1-32.oe2203sp3.x86_64",
+					"name":"openssh-clients-8.8p1-32.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-debuginfo-8.8p1-32.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-debuginfo-8.8p1-32.oe2203sp3.x86_64",
+					"name":"openssh-debuginfo-8.8p1-32.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-debugsource-8.8p1-32.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-debugsource-8.8p1-32.oe2203sp3.x86_64",
+					"name":"openssh-debugsource-8.8p1-32.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-keycat-8.8p1-32.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-keycat-8.8p1-32.oe2203sp3.x86_64",
+					"name":"openssh-keycat-8.8p1-32.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-server-8.8p1-32.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-server-8.8p1-32.oe2203sp3.x86_64",
+					"name":"openssh-server-8.8p1-32.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.x86_64",
+					"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-help-8.8p1-32.oe2203sp3.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-help-8.8p1-32.oe2203sp3.noarch",
+					"name":"openssh-help-8.8p1-32.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-8.8p1-32.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-8.8p1-32.oe2203sp3.aarch64",
+					"name":"openssh-8.8p1-32.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-askpass-8.8p1-32.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-askpass-8.8p1-32.oe2203sp3.aarch64",
+					"name":"openssh-askpass-8.8p1-32.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-clients-8.8p1-32.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-clients-8.8p1-32.oe2203sp3.aarch64",
+					"name":"openssh-clients-8.8p1-32.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-debuginfo-8.8p1-32.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-debuginfo-8.8p1-32.oe2203sp3.aarch64",
+					"name":"openssh-debuginfo-8.8p1-32.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-debugsource-8.8p1-32.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-debugsource-8.8p1-32.oe2203sp3.aarch64",
+					"name":"openssh-debugsource-8.8p1-32.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-keycat-8.8p1-32.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-keycat-8.8p1-32.oe2203sp3.aarch64",
+					"name":"openssh-keycat-8.8p1-32.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"openssh-server-8.8p1-32.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:openssh-server-8.8p1-32.oe2203sp3.aarch64",
+					"name":"openssh-server-8.8p1-32.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.aarch64",
+					"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-6409",
+			"notes":[
+				{
+					"text":"A signal handler race condition vulnerability was found in OpenSSH s server (sshd) in Red Hat Enterprise Linux 9, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server. As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution (RCE) within unprivileged user running the sshd server. This vulnerability affects only the sshd server shipped with Red Hat Enterprise Linux 9, while upstream versions of sshd are not impact by this flaw.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:openssh-8.8p1-32.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:openssh-8.8p1-32.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:openssh-askpass-8.8p1-32.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:openssh-clients-8.8p1-32.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:openssh-debuginfo-8.8p1-32.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:openssh-debugsource-8.8p1-32.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:openssh-keycat-8.8p1-32.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:openssh-server-8.8p1-32.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:openssh-help-8.8p1-32.oe2203sp3.noarch",
+					"openEuler-22.03-LTS-SP3:openssh-8.8p1-32.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:openssh-askpass-8.8p1-32.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:openssh-clients-8.8p1-32.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:openssh-debuginfo-8.8p1-32.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:openssh-debugsource-8.8p1-32.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:openssh-keycat-8.8p1-32.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:openssh-server-8.8p1-32.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.aarch64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:openssh-8.8p1-32.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:openssh-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-askpass-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-clients-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-debuginfo-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-debugsource-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-keycat-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-server-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-help-8.8p1-32.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:openssh-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:openssh-askpass-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:openssh-clients-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:openssh-debuginfo-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:openssh-debugsource-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:openssh-keycat-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:openssh-server-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.aarch64"
+					],
+					"details":"openssh security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1871"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.0,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:openssh-8.8p1-32.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:openssh-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-askpass-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-clients-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-debuginfo-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-debugsource-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-keycat-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-server-8.8p1-32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:openssh-help-8.8p1-32.oe2203sp3.noarch",
+						"openEuler-22.03-LTS-SP3:openssh-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:openssh-askpass-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:openssh-clients-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:openssh-debuginfo-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:openssh-debugsource-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:openssh-keycat-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:openssh-server-8.8p1-32.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp3.aarch64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-6409"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1872.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1872.json
@ -0,0 +1,610 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"openssh security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for openssh is now available for openEuler-22.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \\ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \\ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \\ capabilities, several authentication methods, and sophisticated configuration options.\n\nSecurity Fix(es):\n\nA race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.(CVE-2024-6409)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for openssh is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"openssh",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1872",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1872"
+			},
+			{
+				"summary":"CVE-2024-6409",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-6409&packageName=openssh"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-6409"
+			},
+			{
+				"summary":"openEuler-SA-2024-1872 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1872.json"
+			}
+		],
+		"title":"An update for openssh is now available for openEuler-22.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:19+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:19+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:19+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:19+08:00",
+			"id":"openEuler-SA-2024-1872",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openEuler-22.03-LTS-SP4",
+									"name":"openEuler-22.03-LTS-SP4"
+								},
+								"name":"openEuler-22.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-8.8p1-32.oe2203sp4.x86_64.rpm",
+									"name":"openssh-8.8p1-32.oe2203sp4.x86_64.rpm"
+								},
+								"name":"openssh-8.8p1-32.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-askpass-8.8p1-32.oe2203sp4.x86_64.rpm",
+									"name":"openssh-askpass-8.8p1-32.oe2203sp4.x86_64.rpm"
+								},
+								"name":"openssh-askpass-8.8p1-32.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-clients-8.8p1-32.oe2203sp4.x86_64.rpm",
+									"name":"openssh-clients-8.8p1-32.oe2203sp4.x86_64.rpm"
+								},
+								"name":"openssh-clients-8.8p1-32.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-debuginfo-8.8p1-32.oe2203sp4.x86_64.rpm",
+									"name":"openssh-debuginfo-8.8p1-32.oe2203sp4.x86_64.rpm"
+								},
+								"name":"openssh-debuginfo-8.8p1-32.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-debugsource-8.8p1-32.oe2203sp4.x86_64.rpm",
+									"name":"openssh-debugsource-8.8p1-32.oe2203sp4.x86_64.rpm"
+								},
+								"name":"openssh-debugsource-8.8p1-32.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-keycat-8.8p1-32.oe2203sp4.x86_64.rpm",
+									"name":"openssh-keycat-8.8p1-32.oe2203sp4.x86_64.rpm"
+								},
+								"name":"openssh-keycat-8.8p1-32.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-server-8.8p1-32.oe2203sp4.x86_64.rpm",
+									"name":"openssh-server-8.8p1-32.oe2203sp4.x86_64.rpm"
+								},
+								"name":"openssh-server-8.8p1-32.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.x86_64.rpm",
+									"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.x86_64.rpm"
+								},
+								"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"noarch",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-help-8.8p1-32.oe2203sp4.noarch.rpm",
+									"name":"openssh-help-8.8p1-32.oe2203sp4.noarch.rpm"
+								},
+								"name":"openssh-help-8.8p1-32.oe2203sp4.noarch.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-8.8p1-32.oe2203sp4.aarch64.rpm",
+									"name":"openssh-8.8p1-32.oe2203sp4.aarch64.rpm"
+								},
+								"name":"openssh-8.8p1-32.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-askpass-8.8p1-32.oe2203sp4.aarch64.rpm",
+									"name":"openssh-askpass-8.8p1-32.oe2203sp4.aarch64.rpm"
+								},
+								"name":"openssh-askpass-8.8p1-32.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-clients-8.8p1-32.oe2203sp4.aarch64.rpm",
+									"name":"openssh-clients-8.8p1-32.oe2203sp4.aarch64.rpm"
+								},
+								"name":"openssh-clients-8.8p1-32.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-debuginfo-8.8p1-32.oe2203sp4.aarch64.rpm",
+									"name":"openssh-debuginfo-8.8p1-32.oe2203sp4.aarch64.rpm"
+								},
+								"name":"openssh-debuginfo-8.8p1-32.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-debugsource-8.8p1-32.oe2203sp4.aarch64.rpm",
+									"name":"openssh-debugsource-8.8p1-32.oe2203sp4.aarch64.rpm"
+								},
+								"name":"openssh-debugsource-8.8p1-32.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-keycat-8.8p1-32.oe2203sp4.aarch64.rpm",
+									"name":"openssh-keycat-8.8p1-32.oe2203sp4.aarch64.rpm"
+								},
+								"name":"openssh-keycat-8.8p1-32.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-server-8.8p1-32.oe2203sp4.aarch64.rpm",
+									"name":"openssh-server-8.8p1-32.oe2203sp4.aarch64.rpm"
+								},
+								"name":"openssh-server-8.8p1-32.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.aarch64.rpm",
+									"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.aarch64.rpm"
+								},
+								"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openssh-8.8p1-32.oe2203sp4.src.rpm",
+									"name":"openssh-8.8p1-32.oe2203sp4.src.rpm"
+								},
+								"name":"openssh-8.8p1-32.oe2203sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-8.8p1-32.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-8.8p1-32.oe2203sp4.x86_64",
+					"name":"openssh-8.8p1-32.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-askpass-8.8p1-32.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-askpass-8.8p1-32.oe2203sp4.x86_64",
+					"name":"openssh-askpass-8.8p1-32.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-clients-8.8p1-32.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-clients-8.8p1-32.oe2203sp4.x86_64",
+					"name":"openssh-clients-8.8p1-32.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-debuginfo-8.8p1-32.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-debuginfo-8.8p1-32.oe2203sp4.x86_64",
+					"name":"openssh-debuginfo-8.8p1-32.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-debugsource-8.8p1-32.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-debugsource-8.8p1-32.oe2203sp4.x86_64",
+					"name":"openssh-debugsource-8.8p1-32.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-keycat-8.8p1-32.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-keycat-8.8p1-32.oe2203sp4.x86_64",
+					"name":"openssh-keycat-8.8p1-32.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-server-8.8p1-32.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-server-8.8p1-32.oe2203sp4.x86_64",
+					"name":"openssh-server-8.8p1-32.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.x86_64",
+					"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-help-8.8p1-32.oe2203sp4.noarch.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-help-8.8p1-32.oe2203sp4.noarch",
+					"name":"openssh-help-8.8p1-32.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-8.8p1-32.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-8.8p1-32.oe2203sp4.aarch64",
+					"name":"openssh-8.8p1-32.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-askpass-8.8p1-32.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-askpass-8.8p1-32.oe2203sp4.aarch64",
+					"name":"openssh-askpass-8.8p1-32.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-clients-8.8p1-32.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-clients-8.8p1-32.oe2203sp4.aarch64",
+					"name":"openssh-clients-8.8p1-32.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-debuginfo-8.8p1-32.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-debuginfo-8.8p1-32.oe2203sp4.aarch64",
+					"name":"openssh-debuginfo-8.8p1-32.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-debugsource-8.8p1-32.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-debugsource-8.8p1-32.oe2203sp4.aarch64",
+					"name":"openssh-debugsource-8.8p1-32.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-keycat-8.8p1-32.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-keycat-8.8p1-32.oe2203sp4.aarch64",
+					"name":"openssh-keycat-8.8p1-32.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-server-8.8p1-32.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-server-8.8p1-32.oe2203sp4.aarch64",
+					"name":"openssh-server-8.8p1-32.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.aarch64",
+					"name":"pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"openssh-8.8p1-32.oe2203sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:openssh-8.8p1-32.oe2203sp4.src",
+					"name":"openssh-8.8p1-32.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2024-6409",
+			"notes":[
+				{
+					"text":"A signal handler race condition vulnerability was found in OpenSSH s server (sshd) in Red Hat Enterprise Linux 9, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). This issue leaves it vulnerable to a signal handler race condition on the cleanup_exit() function, which introduces the same vulnerability as CVE-2024-6387 in the unprivileged child of the SSHD server. As a consequence of a successful attack, in the worst case scenario, the attacker may be able to perform a remote code execution (RCE) within unprivileged user running the sshd server. This vulnerability affects only the sshd server shipped with Red Hat Enterprise Linux 9, while upstream versions of sshd are not impact by this flaw.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:openssh-8.8p1-32.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:openssh-askpass-8.8p1-32.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:openssh-clients-8.8p1-32.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:openssh-debuginfo-8.8p1-32.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:openssh-debugsource-8.8p1-32.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:openssh-keycat-8.8p1-32.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:openssh-server-8.8p1-32.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:openssh-help-8.8p1-32.oe2203sp4.noarch",
+					"openEuler-22.03-LTS-SP4:openssh-8.8p1-32.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:openssh-askpass-8.8p1-32.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:openssh-clients-8.8p1-32.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:openssh-debuginfo-8.8p1-32.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:openssh-debugsource-8.8p1-32.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:openssh-keycat-8.8p1-32.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:openssh-server-8.8p1-32.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:openssh-8.8p1-32.oe2203sp4.src"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:openssh-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-askpass-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-clients-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-debuginfo-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-debugsource-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-keycat-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-server-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-help-8.8p1-32.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:openssh-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-askpass-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-clients-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-debuginfo-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-debugsource-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-keycat-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-server-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-8.8p1-32.oe2203sp4.src"
+					],
+					"details":"openssh security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1872"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":7.0,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:openssh-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-askpass-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-clients-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-debuginfo-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-debugsource-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-keycat-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-server-8.8p1-32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:openssh-help-8.8p1-32.oe2203sp4.noarch",
+						"openEuler-22.03-LTS-SP4:openssh-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-askpass-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-clients-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-debuginfo-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-debugsource-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-keycat-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-server-8.8p1-32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:pam_ssh_agent_auth-0.10.4-4.32.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:openssh-8.8p1-32.oe2203sp4.src"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-6409"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1873.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1873.json
@ -0,0 +1,671 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"ffmpeg security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-20.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\n\nSecurity Fix(es):\n\nAn integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.(CVE-2022-1475)\n\nlibavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).(CVE-2022-48434)\n\nFFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0(CVE-2024-32230)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"ffmpeg",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1873",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1873"
+			},
+			{
+				"summary":"CVE-2022-1475",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-1475&packageName=ffmpeg"
+			},
+			{
+				"summary":"CVE-2022-48434",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48434&packageName=ffmpeg"
+			},
+			{
+				"summary":"CVE-2024-32230",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32230&packageName=ffmpeg"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1475"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48434"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32230"
+			},
+			{
+				"summary":"openEuler-SA-2024-1873 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1873.json"
+			}
+		],
+		"title":"An update for ffmpeg is now available for openEuler-20.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:20+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:20+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:20+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:20+08:00",
+			"id":"openEuler-SA-2024-1873",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"openEuler-20.03-LTS-SP4",
+									"name":"openEuler-20.03-LTS-SP4"
+								},
+								"name":"openEuler-20.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-4.2.4-17.oe2003sp4.aarch64.rpm",
+									"name":"ffmpeg-4.2.4-17.oe2003sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-17.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64.rpm",
+									"name":"ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64.rpm",
+									"name":"ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"libavdevice-4.2.4-17.oe2003sp4.aarch64.rpm",
+									"name":"libavdevice-4.2.4-17.oe2003sp4.aarch64.rpm"
+								},
+								"name":"libavdevice-4.2.4-17.oe2003sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-4.2.4-17.oe2003sp4.src.rpm",
+									"name":"ffmpeg-4.2.4-17.oe2003sp4.src.rpm"
+								},
+								"name":"ffmpeg-4.2.4-17.oe2003sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-4.2.4-17.oe2003sp4.x86_64.rpm",
+									"name":"ffmpeg-4.2.4-17.oe2003sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-17.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64.rpm",
+									"name":"ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64.rpm",
+									"name":"ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4"
+									},
+									"product_id":"libavdevice-4.2.4-17.oe2003sp4.x86_64.rpm",
+									"name":"libavdevice-4.2.4-17.oe2003sp4.x86_64.rpm"
+								},
+								"name":"libavdevice-4.2.4-17.oe2003sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-4.2.4-17.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.aarch64",
+					"name":"ffmpeg-4.2.4-17.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64",
+					"name":"ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64",
+					"name":"ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64",
+					"name":"ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64",
+					"name":"ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"libavdevice-4.2.4-17.oe2003sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.aarch64",
+					"name":"libavdevice-4.2.4-17.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-4.2.4-17.oe2003sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.src",
+					"name":"ffmpeg-4.2.4-17.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-4.2.4-17.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.x86_64",
+					"name":"ffmpeg-4.2.4-17.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64",
+					"name":"ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64",
+					"name":"ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64",
+					"name":"ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64",
+					"name":"ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-20.03-LTS-SP4",
+				"product_reference":"libavdevice-4.2.4-17.oe2003sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.x86_64",
+					"name":"libavdevice-4.2.4-17.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2022-1475",
+			"notes":[
+				{
+					"text":"An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.src",
+					"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1873"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.5,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-1475"
+		},
+		{
+			"cve":"CVE-2022-48434",
+			"notes":[
+				{
+					"text":"libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.src",
+					"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1873"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.1,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-48434"
+		},
+		{
+			"cve":"CVE-2024-32230",
+			"notes":[
+				{
+					"text":"FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.aarch64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.src",
+					"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64",
+					"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1873"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.3,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.aarch64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.src",
+						"openEuler-20.03-LTS-SP4:ffmpeg-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2003sp4.x86_64",
+						"openEuler-20.03-LTS-SP4:libavdevice-4.2.4-17.oe2003sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-32230"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1874.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1874.json
@ -0,0 +1,580 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"Medium"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"ffmpeg security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-24.03-LTS",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\n\nSecurity Fix(es):\n\nBuffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.(CVE-2023-49528)\n\nFFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0(CVE-2024-32230)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"Medium",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"ffmpeg",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1874",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1874"
+			},
+			{
+				"summary":"CVE-2023-49528",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-49528&packageName=ffmpeg"
+			},
+			{
+				"summary":"CVE-2024-32230",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32230&packageName=ffmpeg"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49528"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32230"
+			},
+			{
+				"summary":"openEuler-SA-2024-1874 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1874.json"
+			}
+		],
+		"title":"An update for ffmpeg is now available for openEuler-24.03-LTS",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:21+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:21+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:21+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:21+08:00",
+			"id":"openEuler-SA-2024-1874",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"openEuler-24.03-LTS",
+									"name":"openEuler-24.03-LTS"
+								},
+								"name":"openEuler-24.03-LTS",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"ffmpeg-6.1.1-11.oe2403.aarch64.rpm",
+									"name":"ffmpeg-6.1.1-11.oe2403.aarch64.rpm"
+								},
+								"name":"ffmpeg-6.1.1-11.oe2403.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64.rpm",
+									"name":"ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"ffmpeg-debugsource-6.1.1-11.oe2403.aarch64.rpm",
+									"name":"ffmpeg-debugsource-6.1.1-11.oe2403.aarch64.rpm"
+								},
+								"name":"ffmpeg-debugsource-6.1.1-11.oe2403.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"ffmpeg-devel-6.1.1-11.oe2403.aarch64.rpm",
+									"name":"ffmpeg-devel-6.1.1-11.oe2403.aarch64.rpm"
+								},
+								"name":"ffmpeg-devel-6.1.1-11.oe2403.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"ffmpeg-libs-6.1.1-11.oe2403.aarch64.rpm",
+									"name":"ffmpeg-libs-6.1.1-11.oe2403.aarch64.rpm"
+								},
+								"name":"ffmpeg-libs-6.1.1-11.oe2403.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"libavdevice-6.1.1-11.oe2403.aarch64.rpm",
+									"name":"libavdevice-6.1.1-11.oe2403.aarch64.rpm"
+								},
+								"name":"libavdevice-6.1.1-11.oe2403.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"ffmpeg-6.1.1-11.oe2403.src.rpm",
+									"name":"ffmpeg-6.1.1-11.oe2403.src.rpm"
+								},
+								"name":"ffmpeg-6.1.1-11.oe2403.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"ffmpeg-6.1.1-11.oe2403.x86_64.rpm",
+									"name":"ffmpeg-6.1.1-11.oe2403.x86_64.rpm"
+								},
+								"name":"ffmpeg-6.1.1-11.oe2403.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64.rpm",
+									"name":"ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"ffmpeg-debugsource-6.1.1-11.oe2403.x86_64.rpm",
+									"name":"ffmpeg-debugsource-6.1.1-11.oe2403.x86_64.rpm"
+								},
+								"name":"ffmpeg-debugsource-6.1.1-11.oe2403.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"ffmpeg-devel-6.1.1-11.oe2403.x86_64.rpm",
+									"name":"ffmpeg-devel-6.1.1-11.oe2403.x86_64.rpm"
+								},
+								"name":"ffmpeg-devel-6.1.1-11.oe2403.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"ffmpeg-libs-6.1.1-11.oe2403.x86_64.rpm",
+									"name":"ffmpeg-libs-6.1.1-11.oe2403.x86_64.rpm"
+								},
+								"name":"ffmpeg-libs-6.1.1-11.oe2403.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:24.03-LTS"
+									},
+									"product_id":"libavdevice-6.1.1-11.oe2403.x86_64.rpm",
+									"name":"libavdevice-6.1.1-11.oe2403.x86_64.rpm"
+								},
+								"name":"libavdevice-6.1.1-11.oe2403.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"ffmpeg-6.1.1-11.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.aarch64",
+					"name":"ffmpeg-6.1.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64",
+					"name":"ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"ffmpeg-debugsource-6.1.1-11.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.aarch64",
+					"name":"ffmpeg-debugsource-6.1.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"ffmpeg-devel-6.1.1-11.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.aarch64",
+					"name":"ffmpeg-devel-6.1.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"ffmpeg-libs-6.1.1-11.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.aarch64",
+					"name":"ffmpeg-libs-6.1.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"libavdevice-6.1.1-11.oe2403.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.aarch64",
+					"name":"libavdevice-6.1.1-11.oe2403.aarch64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"ffmpeg-6.1.1-11.oe2403.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.src",
+					"name":"ffmpeg-6.1.1-11.oe2403.src as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"ffmpeg-6.1.1-11.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.x86_64",
+					"name":"ffmpeg-6.1.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64",
+					"name":"ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"ffmpeg-debugsource-6.1.1-11.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.x86_64",
+					"name":"ffmpeg-debugsource-6.1.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"ffmpeg-devel-6.1.1-11.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.x86_64",
+					"name":"ffmpeg-devel-6.1.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"ffmpeg-libs-6.1.1-11.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.x86_64",
+					"name":"ffmpeg-libs-6.1.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-24.03-LTS",
+				"product_reference":"libavdevice-6.1.1-11.oe2403.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.x86_64",
+					"name":"libavdevice-6.1.1-11.oe2403.x86_64 as a component of openEuler-24.03-LTS"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2023-49528",
+			"notes":[
+				{
+					"text":"Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.aarch64",
+					"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64",
+					"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.aarch64",
+					"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.aarch64",
+					"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.aarch64",
+					"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.aarch64",
+					"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.src",
+					"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.x86_64",
+					"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64",
+					"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.x86_64",
+					"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.x86_64",
+					"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.x86_64",
+					"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.src",
+						"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1874"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":4.3,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.src",
+						"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2023-49528"
+		},
+		{
+			"cve":"CVE-2024-32230",
+			"notes":[
+				{
+					"text":"FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.aarch64",
+					"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64",
+					"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.aarch64",
+					"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.aarch64",
+					"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.aarch64",
+					"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.aarch64",
+					"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.src",
+					"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.x86_64",
+					"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64",
+					"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.x86_64",
+					"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.x86_64",
+					"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.x86_64",
+					"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.src",
+						"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1874"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.3,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.aarch64",
+						"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.src",
+						"openEuler-24.03-LTS:ffmpeg-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-debuginfo-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-debugsource-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-devel-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:ffmpeg-libs-6.1.1-11.oe2403.x86_64",
+						"openEuler-24.03-LTS:libavdevice-6.1.1-11.oe2403.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-32230"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1875.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1875.json
@ -0,0 +1,671 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"ffmpeg security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP4",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\n\nSecurity Fix(es):\n\nAn integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.(CVE-2022-1475)\n\nlibavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).(CVE-2022-48434)\n\nFFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0(CVE-2024-32230)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"ffmpeg",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1875",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1875"
+			},
+			{
+				"summary":"CVE-2022-1475",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-1475&packageName=ffmpeg"
+			},
+			{
+				"summary":"CVE-2022-48434",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48434&packageName=ffmpeg"
+			},
+			{
+				"summary":"CVE-2024-32230",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32230&packageName=ffmpeg"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1475"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48434"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32230"
+			},
+			{
+				"summary":"openEuler-SA-2024-1875 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1875.json"
+			}
+		],
+		"title":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP4",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:23+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:23+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:23+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:23+08:00",
+			"id":"openEuler-SA-2024-1875",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"openEuler-22.03-LTS-SP4",
+									"name":"openEuler-22.03-LTS-SP4"
+								},
+								"name":"openEuler-22.03-LTS-SP4",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-4.2.4-17.oe2203sp4.aarch64.rpm",
+									"name":"ffmpeg-4.2.4-17.oe2203sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-17.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64.rpm",
+									"name":"ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64.rpm",
+									"name":"ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"libavdevice-4.2.4-17.oe2203sp4.aarch64.rpm",
+									"name":"libavdevice-4.2.4-17.oe2203sp4.aarch64.rpm"
+								},
+								"name":"libavdevice-4.2.4-17.oe2203sp4.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-4.2.4-17.oe2203sp4.src.rpm",
+									"name":"ffmpeg-4.2.4-17.oe2203sp4.src.rpm"
+								},
+								"name":"ffmpeg-4.2.4-17.oe2203sp4.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-4.2.4-17.oe2203sp4.x86_64.rpm",
+									"name":"ffmpeg-4.2.4-17.oe2203sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-17.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64.rpm",
+									"name":"ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64.rpm",
+									"name":"ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4"
+									},
+									"product_id":"libavdevice-4.2.4-17.oe2203sp4.x86_64.rpm",
+									"name":"libavdevice-4.2.4-17.oe2203sp4.x86_64.rpm"
+								},
+								"name":"libavdevice-4.2.4-17.oe2203sp4.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-4.2.4-17.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.aarch64",
+					"name":"ffmpeg-4.2.4-17.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64",
+					"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64",
+					"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64",
+					"name":"ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64",
+					"name":"ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"libavdevice-4.2.4-17.oe2203sp4.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.aarch64",
+					"name":"libavdevice-4.2.4-17.oe2203sp4.aarch64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-4.2.4-17.oe2203sp4.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.src",
+					"name":"ffmpeg-4.2.4-17.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-4.2.4-17.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.x86_64",
+					"name":"ffmpeg-4.2.4-17.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64",
+					"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64",
+					"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64",
+					"name":"ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64",
+					"name":"ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP4",
+				"product_reference":"libavdevice-4.2.4-17.oe2203sp4.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.x86_64",
+					"name":"libavdevice-4.2.4-17.oe2203sp4.x86_64 as a component of openEuler-22.03-LTS-SP4"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2022-1475",
+			"notes":[
+				{
+					"text":"An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1875"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.5,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-1475"
+		},
+		{
+			"cve":"CVE-2022-48434",
+			"notes":[
+				{
+					"text":"libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1875"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.1,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-48434"
+		},
+		{
+			"cve":"CVE-2024-32230",
+			"notes":[
+				{
+					"text":"FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.aarch64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.src",
+					"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64",
+					"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1875"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.3,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.aarch64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.src",
+						"openEuler-22.03-LTS-SP4:ffmpeg-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debuginfo-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-debugsource-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-devel-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:ffmpeg-libs-4.2.4-17.oe2203sp4.x86_64",
+						"openEuler-22.03-LTS-SP4:libavdevice-4.2.4-17.oe2203sp4.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-32230"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1876.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1876.json
@ -0,0 +1,671 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"ffmpeg security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP1",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\n\nSecurity Fix(es):\n\nAn integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.(CVE-2022-1475)\n\nlibavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).(CVE-2022-48434)\n\nFFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0(CVE-2024-32230)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"ffmpeg",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1876",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1876"
+			},
+			{
+				"summary":"CVE-2022-1475",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-1475&packageName=ffmpeg"
+			},
+			{
+				"summary":"CVE-2022-48434",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48434&packageName=ffmpeg"
+			},
+			{
+				"summary":"CVE-2024-32230",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32230&packageName=ffmpeg"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1475"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48434"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32230"
+			},
+			{
+				"summary":"openEuler-SA-2024-1876 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1876.json"
+			}
+		],
+		"title":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP1",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:24+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:24+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:24+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:24+08:00",
+			"id":"openEuler-SA-2024-1876",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"openEuler-22.03-LTS-SP1",
+									"name":"openEuler-22.03-LTS-SP1"
+								},
+								"name":"openEuler-22.03-LTS-SP1",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-4.2.4-17.oe2203sp1.src.rpm",
+									"name":"ffmpeg-4.2.4-17.oe2203sp1.src.rpm"
+								},
+								"name":"ffmpeg-4.2.4-17.oe2203sp1.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-4.2.4-17.oe2203sp1.x86_64.rpm",
+									"name":"ffmpeg-4.2.4-17.oe2203sp1.x86_64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-17.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64.rpm",
+									"name":"ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64.rpm",
+									"name":"ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"libavdevice-4.2.4-17.oe2203sp1.x86_64.rpm",
+									"name":"libavdevice-4.2.4-17.oe2203sp1.x86_64.rpm"
+								},
+								"name":"libavdevice-4.2.4-17.oe2203sp1.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-4.2.4-17.oe2203sp1.aarch64.rpm",
+									"name":"ffmpeg-4.2.4-17.oe2203sp1.aarch64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-17.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64.rpm",
+									"name":"ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64.rpm",
+									"name":"ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1"
+									},
+									"product_id":"libavdevice-4.2.4-17.oe2203sp1.aarch64.rpm",
+									"name":"libavdevice-4.2.4-17.oe2203sp1.aarch64.rpm"
+								},
+								"name":"libavdevice-4.2.4-17.oe2203sp1.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-4.2.4-17.oe2203sp1.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.src",
+					"name":"ffmpeg-4.2.4-17.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-4.2.4-17.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.x86_64",
+					"name":"ffmpeg-4.2.4-17.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64",
+					"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64",
+					"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64",
+					"name":"ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64",
+					"name":"ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"libavdevice-4.2.4-17.oe2203sp1.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.x86_64",
+					"name":"libavdevice-4.2.4-17.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-4.2.4-17.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.aarch64",
+					"name":"ffmpeg-4.2.4-17.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64",
+					"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64",
+					"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64",
+					"name":"ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64",
+					"name":"ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP1",
+				"product_reference":"libavdevice-4.2.4-17.oe2203sp1.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.aarch64",
+					"name":"libavdevice-4.2.4-17.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2022-1475",
+			"notes":[
+				{
+					"text":"An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.aarch64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.aarch64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1876"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.5,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.aarch64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-1475"
+		},
+		{
+			"cve":"CVE-2022-48434",
+			"notes":[
+				{
+					"text":"libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.aarch64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.aarch64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1876"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.1,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.aarch64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-48434"
+		},
+		{
+			"cve":"CVE-2024-32230",
+			"notes":[
+				{
+					"text":"FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.src",
+					"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.x86_64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64",
+					"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.aarch64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.aarch64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1876"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.3,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.src",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.x86_64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debuginfo-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-debugsource-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-devel-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:ffmpeg-libs-4.2.4-17.oe2203sp1.aarch64",
+						"openEuler-22.03-LTS-SP1:libavdevice-4.2.4-17.oe2203sp1.aarch64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-32230"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1877.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1877.json
@ -0,0 +1,671 @@
+{
+	"document":{
+		"aggregate_severity":{
+			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
+			"text":"High"
+		},
+		"category":"csaf_vex",
+		"csaf_version":"2.0",
+		"distribution":{
+			"tlp":{
+				"label":"WHITE",
+				"url":"https:/www.first.org/tlp/"
+			}
+		},
+		"lang":"en",
+		"notes":[
+			{
+				"text":"ffmpeg security update",
+				"category":"general",
+				"title":"Synopsis"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP3",
+				"category":"general",
+				"title":"Summary"
+			},
+			{
+				"text":"FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\n\nSecurity Fix(es):\n\nAn integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.(CVE-2022-1475)\n\nlibavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).(CVE-2022-48434)\n\nFFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0(CVE-2024-32230)",
+				"category":"general",
+				"title":"Description"
+			},
+			{
+				"text":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.",
+				"category":"general",
+				"title":"Topic"
+			},
+			{
+				"text":"High",
+				"category":"general",
+				"title":"Severity"
+			},
+			{
+				"text":"ffmpeg",
+				"category":"general",
+				"title":"Affected Component"
+			}
+		],
+		"publisher":{
+			"issuing_authority":"openEuler security committee",
+			"name":"openEuler",
+			"namespace":"https://www.openeuler.org",
+			"contact_details":"openeuler-security@openeuler.org",
+			"category":"vendor"
+		},
+		"references":[
+			{
+				"summary":"openEuler-SA-2024-1877",
+				"category":"self",
+				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1877"
+			},
+			{
+				"summary":"CVE-2022-1475",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-1475&packageName=ffmpeg"
+			},
+			{
+				"summary":"CVE-2022-48434",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2022-48434&packageName=ffmpeg"
+			},
+			{
+				"summary":"CVE-2024-32230",
+				"category":"self",
+				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-32230&packageName=ffmpeg"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1475"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-48434"
+			},
+			{
+				"summary":"nvd cve",
+				"category":"external",
+				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32230"
+			},
+			{
+				"summary":"openEuler-SA-2024-1877 vex file",
+				"category":"self",
+				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openEuler-SA-2024-1877.json"
+			}
+		],
+		"title":"An update for ffmpeg is now available for openEuler-22.03-LTS-SP3",
+		"tracking":{
+			"initial_release_date":"2024-07-19T21:24:25+08:00",
+			"revision_history":[
+				{
+					"date":"2024-07-19T21:24:25+08:00",
+					"summary":"Initial",
+					"number":"1.0.0"
+				}
+			],
+			"generator":{
+				"date":"2024-07-19T21:24:25+08:00",
+				"engine":{
+					"name":"openEuler CSAF Tool V1.0"
+				}
+			},
+			"current_release_date":"2024-07-19T21:24:25+08:00",
+			"id":"openEuler-SA-2024-1877",
+			"version":"1.0.0",
+			"status":"final"
+		}
+	},
+	"product_tree":{
+		"branches":[
+			{
+				"name":"openEuler",
+				"category":"vendor",
+				"branches":[
+					{
+						"name":"openEuler",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"openEuler-22.03-LTS-SP3",
+									"name":"openEuler-22.03-LTS-SP3"
+								},
+								"name":"openEuler-22.03-LTS-SP3",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"aarch64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-4.2.4-17.oe2203sp3.aarch64.rpm",
+									"name":"ffmpeg-4.2.4-17.oe2203sp3.aarch64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-17.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64.rpm",
+									"name":"ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64.rpm",
+									"name":"ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"libavdevice-4.2.4-17.oe2203sp3.aarch64.rpm",
+									"name":"libavdevice-4.2.4-17.oe2203sp3.aarch64.rpm"
+								},
+								"name":"libavdevice-4.2.4-17.oe2203sp3.aarch64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"src",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-4.2.4-17.oe2203sp3.src.rpm",
+									"name":"ffmpeg-4.2.4-17.oe2203sp3.src.rpm"
+								},
+								"name":"ffmpeg-4.2.4-17.oe2203sp3.src.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					},
+					{
+						"name":"x86_64",
+						"branches":[
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-4.2.4-17.oe2203sp3.x86_64.rpm",
+									"name":"ffmpeg-4.2.4-17.oe2203sp3.x86_64.rpm"
+								},
+								"name":"ffmpeg-4.2.4-17.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64.rpm",
+									"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64.rpm"
+								},
+								"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64.rpm",
+									"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64.rpm"
+								},
+								"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64.rpm",
+									"name":"ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64.rpm"
+								},
+								"name":"ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64.rpm",
+									"name":"ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64.rpm"
+								},
+								"name":"ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							},
+							{
+								"product":{
+									"product_identification_helper":{
+										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
+									},
+									"product_id":"libavdevice-4.2.4-17.oe2203sp3.x86_64.rpm",
+									"name":"libavdevice-4.2.4-17.oe2203sp3.x86_64.rpm"
+								},
+								"name":"libavdevice-4.2.4-17.oe2203sp3.x86_64.rpm",
+								"category":"product_version"
+							}
+						],
+						"category":"product_name"
+					}
+				]
+			}
+		],
+		"relationships":[
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-4.2.4-17.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.aarch64",
+					"name":"ffmpeg-4.2.4-17.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64",
+					"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64",
+					"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64",
+					"name":"ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64",
+					"name":"ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"libavdevice-4.2.4-17.oe2203sp3.aarch64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.aarch64",
+					"name":"libavdevice-4.2.4-17.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-4.2.4-17.oe2203sp3.src.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.src",
+					"name":"ffmpeg-4.2.4-17.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-4.2.4-17.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.x86_64",
+					"name":"ffmpeg-4.2.4-17.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64",
+					"name":"ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64",
+					"name":"ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64",
+					"name":"ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64",
+					"name":"ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			},
+			{
+				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
+				"product_reference":"libavdevice-4.2.4-17.oe2203sp3.x86_64.rpm",
+				"full_product_name":{
+					"product_id":"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.x86_64",
+					"name":"libavdevice-4.2.4-17.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
+				},
+				"category":"default_component_of"
+			}
+		]
+	},
+	"vulnerabilities":[
+		{
+			"cve":"CVE-2022-1475",
+			"notes":[
+				{
+					"text":"An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file.",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1877"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":5.5,
+						"vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-1475"
+		},
+		{
+			"cve":"CVE-2022-48434",
+			"notes":[
+				{
+					"text":"libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1877"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"HIGH",
+						"baseScore":8.1,
+						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"High",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2022-48434"
+		},
+		{
+			"cve":"CVE-2024-32230",
+			"notes":[
+				{
+					"text":"FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0",
+					"category":"description",
+					"title":"Vulnerability Description"
+				}
+			],
+			"product_status":{
+				"fixed":[
+					"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.aarch64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.src",
+					"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64",
+					"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.x86_64"
+				]
+			},
+			"remediations":[
+				{
+					"product_ids":[
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.x86_64"
+					],
+					"details":"ffmpeg security update",
+					"category":"vendor_fix",
+					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1877"
+				}
+			],
+			"scores":[
+				{
+					"cvss_v3":{
+						"baseSeverity":"MEDIUM",
+						"baseScore":6.3,
+						"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+						"version":"3.1"
+					},
+					"products":[
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.aarch64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.src",
+						"openEuler-22.03-LTS-SP3:ffmpeg-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debuginfo-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-debugsource-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-devel-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:ffmpeg-libs-4.2.4-17.oe2203sp3.x86_64",
+						"openEuler-22.03-LTS-SP3:libavdevice-4.2.4-17.oe2203sp3.x86_64"
+					]
+				}
+			],
+			"threats":[
+				{
+					"details":"Medium",
+					"category":"impact"
+				}
+			],
+			"title":"CVE-2024-32230"
+		}
+	]
+}
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1878.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1878.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1879.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1879.json
--- a/csaf/advisories/2024/csaf-openEuler-SA-2024-1880.json
+++ b/csaf/advisories/2024/csaf-openEuler-SA-2024-1880.json
--- a/csaf/advisories/index.txt
+++ b/csaf/advisories/index.txt
@ -0,0 +1,65 @@
+2024/csaf-openEuler-SA-2024-1816.json
+2024/csaf-openEuler-SA-2024-1817.json
+2024/csaf-openEuler-SA-2024-1818.json
+2024/csaf-openEuler-SA-2024-1819.json
+2024/csaf-openEuler-SA-2024-1820.json
+2024/csaf-openEuler-SA-2024-1821.json
+2024/csaf-openEuler-SA-2024-1822.json
+2024/csaf-openEuler-SA-2024-1823.json
+2024/csaf-openEuler-SA-2024-1824.json
+2024/csaf-openEuler-SA-2024-1825.json
+2024/csaf-openEuler-SA-2024-1826.json
+2024/csaf-openEuler-SA-2024-1827.json
+2024/csaf-openEuler-SA-2024-1828.json
+2024/csaf-openEuler-SA-2024-1829.json
+2024/csaf-openEuler-SA-2024-1830.json
+2024/csaf-openEuler-SA-2024-1831.json
+2024/csaf-openEuler-SA-2024-1832.json
+2024/csaf-openEuler-SA-2024-1833.json
+2024/csaf-openEuler-SA-2024-1834.json
+2024/csaf-openEuler-SA-2024-1835.json
+2024/csaf-openEuler-SA-2024-1836.json
+2024/csaf-openEuler-SA-2024-1837.json
+2024/csaf-openEuler-SA-2024-1838.json
+2024/csaf-openEuler-SA-2024-1839.json
+2024/csaf-openEuler-SA-2024-1840.json
+2024/csaf-openEuler-SA-2024-1841.json
+2024/csaf-openEuler-SA-2024-1842.json
+2024/csaf-openEuler-SA-2024-1843.json
+2024/csaf-openEuler-SA-2024-1844.json
+2024/csaf-openEuler-SA-2024-1845.json
+46.json
+2024/csaf-openEuler-SA-2024-1847.json
+2024/csaf-openEuler-SA-2024-1848.json
+2024/csaf-openEuler-SA-2024-1849.json
+2024/csaf-openEuler-SA-2024-1850.json
+2024/csaf-openEuler-SA-2024-1851.json
+2024/csaf-openEuler-SA-2024-1852.json
+2024/csaf-openEuler-SA-2024-1853.json
+2024/csaf-openEuler-SA-2024-1854.json
+2024/csaf-openEuler-SA-2024-1855.json
+2024/csaf-openEuler-SA-2024-1856.json
+2024/csaf-openEuler-SA-2024-1857.json
+2024/csaf-openEuler-SA-2024-1858.json
+2024/csaf-openEuler-SA-2024-1859.json
+2024/csaf-openEuler-SA-2024-1860.json
+2024/csaf-openEuler-SA-2024-1861.json
+2024/csaf-openEuler-SA-2024-1862.json
+2024/csaf-openEuler-SA-2024-1863.json
+2024/csaf-openEuler-SA-2024-1864.json
+2024/csaf-openEuler-SA-2024-1865.json
+2024/csaf-openEuler-SA-2024-1866.json
+2024/csaf-openEuler-SA-2024-1867.json
+2024/csaf-openEuler-SA-2024-1868.json
+2024/csaf-openEuler-SA-2024-1869.json
+2024/csaf-openEuler-SA-2024-1870.json
+2024/csaf-openEuler-SA-2024-1871.json
+2024/csaf-openEuler-SA-2024-1872.json
+2024/csaf-openEuler-SA-2024-1873.json
+2024/csaf-openEuler-SA-2024-1874.json
+2024/csaf-openEuler-SA-2024-1875.json
+2024/csaf-openEuler-SA-2024-1876.json
+2024/csaf-openEuler-SA-2024-1877.json
+2024/csaf-openEuler-SA-2024-1878.json
+2024/csaf-openEuler-SA-2024-1879.json
+2024/csaf-openEuler-SA-2024-1880.json
--- a/csaf2cusa.json
+++ b/csaf2cusa.json
@ -1,4 +1,4 @@
 {
-  "source": "cvrfs",
+  "source": "csaf",
  "target": "cusas"
 }
--- a/cusas/3/three-eight-nine-ds-base/389-ds-base-1.4.3.20-1_openEuler-SA-2022-2056.json
+++ b/cusas/3/three-eight-nine-ds-base/389-ds-base-1.4.3.20-1_openEuler-SA-2022-2056.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2022-2056",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2056",
-  "title": "An update for three-eight-nine-ds-base is now available for openEuler-22.03-LTS",
-  "severity": "Moderate",
-  "description": "389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.(CVE-2020-35518)",
-  "cves": [
-    {
-      "id": "CVE-2020-35518",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35518",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/3/three-eight-nine-ds-base/389-ds-base-1.4.3.36-5_openEuler-SA-2024-1148.json
+++ b/cusas/3/three-eight-nine-ds-base/389-ds-base-1.4.3.36-5_openEuler-SA-2024-1148.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2024-1148",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1148",
-  "title": "An update for three-eight-nine-ds-base is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
-  "severity": "Moderate",
-  "description": "389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.(CVE-2024-1062)",
-  "cves": [
-    {
-      "id": "CVE-2024-1062",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1062",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.0.28-1_openEuler-SA-2022-1670.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.0.28-1_openEuler-SA-2022-1670.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2022-1670",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1670",
-  "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
-  "severity": "Important",
-  "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nA heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.(CVE-2022-1114)",
-  "cves": [
-    {
-      "id": "CVE-2022-1114",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1114",
-      "severity": "Important"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1896.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1896.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2022-1896",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1896",
-  "title": "An update for ImageMagick is now available for openEuler-22.03-LTS",
-  "severity": "Moderate",
-  "description": "\r\n\r\nSecurity Fix(es):\r\n\r\nIn ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.(CVE-2022-2719)",
-  "cves": [
-    {
-      "id": "CVE-2022-2719",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2719",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1903.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1903.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2022-1903",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1903",
-  "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
-  "severity": "Moderate",
-  "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.(CVE-2022-1115)",
-  "cves": [
-    {
-      "id": "CVE-2022-1115",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1115",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-1998.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-1998.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2022-1998",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1998",
-  "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
-  "severity": "Moderate",
-  "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.(CVE-2022-3213)",
-  "cves": [
-    {
-      "id": "CVE-2022-3213",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3213",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-2091.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-2091.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2022-2091",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2091",
-  "title": "An update for ImageMagick is now available for openEuler-22.03-LTS",
-  "severity": "Moderate",
-  "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain=\"module\" rights=\"none\" pattern=\"PS\" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain=\"coder\" rights=\"none\" pattern=\"{PS,EPI,EPS,EPSF,EPSI}\" />.(CVE-2021-39212)\r\n\r\nA NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.(CVE-2021-3596)",
-  "cves": [
-    {
-      "id": "CVE-2021-3596",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3596",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.0.28-5_openEuler-SA-2022-2109.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.0.28-5_openEuler-SA-2022-2109.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2022-2109",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2109",
-  "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
-  "severity": "Important",
-  "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR,WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nIn ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.(CVE-2022-32547)",
-  "cves": [
-    {
-      "id": "CVE-2022-32547",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32547",
-      "severity": "Important"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.0.28-6_openEuler-SA-2023-1065.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.0.28-6_openEuler-SA-2023-1065.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2023-1065",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1065",
-  "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
-  "severity": "Important",
-  "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR,WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.(CVE-2022-44267)\r\n\r\nImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).(CVE-2022-44268)",
-  "cves": [
-    {
-      "id": "CVE-2022-44268",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44268",
-      "severity": "Important"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1259.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1259.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2023-1259",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1259",
-  "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
-  "severity": "Moderate",
-  "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in \"/tmp,\" resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.(CVE-2023-1289)\r\n\r\nA heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.(CVE-2023-1906)",
-  "cves": [
-    {
-      "id": "CVE-2023-1906",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1906",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1332.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1332.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2023-1332",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1332",
-  "title": "An update for ImageMagick is now available for openEuler-22.03-LTS",
-  "severity": "Moderate",
-  "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.(CVE-2023-2157)",
-  "cves": [
-    {
-      "id": "CVE-2023-2157",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2157",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.1.8-2_openEuler-SA-2023-1349.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.1.8-2_openEuler-SA-2023-1349.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2023-1349",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1349",
-  "title": "An update for ImageMagick is now available for openEuler-22.03-LTS",
-  "severity": "Important",
-  "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nA vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).(CVE-2023-34151)\n\nA vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.(CVE-2023-34153)",
-  "cves": [
-    {
-      "id": "CVE-2023-34153",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34153",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.1.8-3_openEuler-SA-2023-1407.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.1.8-3_openEuler-SA-2023-1407.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2023-1407",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1407",
-  "title": "An update for ImageMagick is now available for openEuler-22.03-LTS",
-  "severity": "Moderate",
-  "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nA heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.(CVE-2023-34474)\n\nA heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.(CVE-2023-34475)",
-  "cves": [
-    {
-      "id": "CVE-2023-34475",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34475",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.1.8-4_openEuler-SA-2023-1442.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.1.8-4_openEuler-SA-2023-1442.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2023-1442",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1442",
-  "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
-  "severity": "Moderate",
-  "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nA vulnerability was found in ImageMagick <=7.1.1, where heap-based buffer overflow was found in coders/tiff.c.\n\nReferences:\nhttps://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790(CVE-2023-3428)",
-  "cves": [
-    {
-      "id": "CVE-2023-3428",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3428",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/ImageMagick/ImageMagick-7.1.1.8-5_openEuler-SA-2023-1733.json
+++ b/cusas/I/ImageMagick/ImageMagick-7.1.1.8-5_openEuler-SA-2023-1733.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2023-1733",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1733",
-  "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
-  "severity": "Moderate",
-  "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in ImageMagick <=7.1.1, where heap use-after-free was found in coders/bmp.c.\r\n\r\nReferences:\nhttps://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1(CVE-2023-5341)",
-  "cves": [
-    {
-      "id": "CVE-2023-5341",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5341",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/iSulad/config.json
+++ b/cusas/I/iSulad/config.json
@ -1,5 +0,0 @@
-{
-  "upstream": "22.03-LTS",
-  "autobuild": true,
-  "fixed_version": ""
-}
--- a/cusas/I/iSulad/iSulad-2.0.18-13_openEuler-SA-2023-1686.json
+++ b/cusas/I/iSulad/iSulad-2.0.18-13_openEuler-SA-2023-1686.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2023-1686",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1686",
-  "title": "An update for iSulad is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
-  "severity": "Critical",
-  "description": "\r\n\r\nSecurity Fix(es):\r\n\r\nWhen malicious images are pulled by isula pull, attackers can execute arbitrary code.(CVE-2021-33635)\r\n\r\nWhen the isula load command is used to load malicious images, attackers can execute arbitrary code.(CVE-2021-33636)\r\n\r\nWhen the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.(CVE-2021-33637)\r\n\r\nWhen the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.(CVE-2021-33638)",
-  "cves": [
-    {
-      "id": "CVE-2021-33638",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33638",
-      "severity": "Critical"
-    }
-  ]
-}
--- a/cusas/I/iSulad/iSulad-2.0.18-16_openEuler-SA-2024-1287.json
+++ b/cusas/I/iSulad/iSulad-2.0.18-16_openEuler-SA-2024-1287.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2024-1287",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287",
-  "title": "An update for iSulad is now available for openEuler-22.03-LTS",
-  "severity": "Important",
-  "description": "This is a umbrella project for gRPC-services based Lightweight Container Runtime Daemon, written by C.\r\n\r\nSecurity Fix(es):\r\n\r\n在isulad服务初始化阶段，会进行临时文件的正确性检查，如果检查不通过则重新创建文件，在检查与创建之间，存在一个条件竞争问题，攻击者可以通过利用该漏洞进行提权。(CVE-2021-33632)",
-  "cves": [
-    {
-      "id": "CVE-2021-33632",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33632",
-      "severity": "Important"
-    }
-  ]
-}
--- a/cusas/I/ibus/config.json
+++ b/cusas/I/ibus/config.json
@ -1,5 +0,0 @@
-{
-  "upstream": "22.03-LTS",
-  "autobuild": true,
-  "fixed_version": ""
-}
--- a/cusas/I/icu/config.json
+++ b/cusas/I/icu/config.json
@ -1,5 +0,0 @@
-{
-  "upstream": "22.03-LTS",
-  "autobuild": true,
-  "fixed_version": ""
-}
--- a/cusas/I/ignition/config.json
+++ b/cusas/I/ignition/config.json
@ -1,5 +0,0 @@
-{
-  "upstream": "22.03-LTS",
-  "autobuild": true,
-  "fixed_version": ""
-}
--- a/cusas/I/indent/config.json
+++ b/cusas/I/indent/config.json
@ -1,5 +0,0 @@
-{
-  "upstream": "22.03-LTS",
-  "autobuild": true,
-  "fixed_version": ""
-}
--- a/cusas/I/indent/indent-2.2.11-29_openEuler-SA-2023-1552.json
+++ b/cusas/I/indent/indent-2.2.11-29_openEuler-SA-2023-1552.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2023-1552",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1552",
-  "title": "An update for indent is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2",
-  "severity": "Important",
-  "description": "The indent program can be used to make code easier to read. It can also convert from one style of writing C to another. indent understands a substantial amount about the syntax of C, but it also attempts to cope with incomplete and misformed syntax.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.(CVE-2023-40305)",
-  "cves": [
-    {
-      "id": "CVE-2023-40305",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40305",
-      "severity": "Important"
-    }
-  ]
-}
--- a/cusas/I/indent/indent-2.2.11-30_openEuler-SA-2024-1199.json
+++ b/cusas/I/indent/indent-2.2.11-30_openEuler-SA-2024-1199.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2024-1199",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1199",
-  "title": "An update for indent is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
-  "severity": "Moderate",
-  "description": "The indent program can be used to make code easier to read. It can also convert from one style of writing C to another. indent understands a substantial amount about the syntax of C, but it also attempts to cope with incomplete and misformed syntax.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.(CVE-2024-0911)",
-  "cves": [
-    {
-      "id": "CVE-2024-0911",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0911",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/infinispan/config.json
+++ b/cusas/I/infinispan/config.json
@ -1,5 +0,0 @@
-{
-  "upstream": "22.03-LTS",
-  "autobuild": true,
-  "fixed_version": ""
-}
--- a/cusas/I/infinispan/infinispan-8.2.4-13_openEuler-SA-2024-1667.json
+++ b/cusas/I/infinispan/infinispan-8.2.4-13_openEuler-SA-2024-1667.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2024-1667",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1667",
-  "title": "An update for infinispan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3",
-  "severity": "Important",
-  "description": "Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the same time providing distributed cache capabilities.  At its core Infinispan exposes a Cache interface which extends java.util.Map. It is also optionally is backed by a peer-to-peer network architecture to distribute state efficiently around a data grid.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.(CVE-2019-10174)",
-  "cves": [
-    {
-      "id": "CVE-2019-10174",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174",
-      "severity": "Important"
-    }
-  ]
-}
--- a/cusas/I/iniparser/config.json
+++ b/cusas/I/iniparser/config.json
@ -1,5 +0,0 @@
-{
-  "upstream": "22.03-LTS",
-  "autobuild": true,
-  "fixed_version": ""
-}
--- a/cusas/I/iniparser/iniparser-4.1-4_openEuler-SA-2023-1388.json
+++ b/cusas/I/iniparser/iniparser-4.1-4_openEuler-SA-2023-1388.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2023-1388",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1388",
-  "title": "An update for iniparser is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1",
-  "severity": "Moderate",
-  "description": "This modules offers parsing of ini files from the C level. See a complete documentation in HTML format, from this directory open the file html/index.html with any HTML-capable browser.\r\n\r\nSecurity Fix(es):\r\n\r\niniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return.(CVE-2023-33461)",
-  "cves": [
-    {
-      "id": "CVE-2023-33461",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33461",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/intel-sgx-ssl/config.json
+++ b/cusas/I/intel-sgx-ssl/config.json
@ -1,5 +0,0 @@
-{
-  "upstream": "22.03-LTS",
-  "autobuild": true,
-  "fixed_version": ""
-}
--- a/cusas/I/intel-sgx-ssl/intel-sgx-ssl-2.15.1-2_openEuler-SA-2022-1898.json
+++ b/cusas/I/intel-sgx-ssl/intel-sgx-ssl-2.15.1-2_openEuler-SA-2022-1898.json
@ -1,14 +0,0 @@
-{
-  "id": "openEuler-SA-2022-1898",
-  "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1898",
-  "title": "An update for intel-sgx-ssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS",
-  "severity": "Important",
-  "description": "The Intel® Software Guard Extensions SSL (Intel® SGX SSL) cryptographic library is intended to provide cryptographic services for Intel® Software Guard Extensions (SGX) enclave applications. The Intel® SGX SSL cryptographic library is based on the underlying OpenSSL* Open Source project, providing a full-strength general purpose cryptography library. Supported OpenSSL version is 1.1.1l.\r\n\r\nSecurity Fix(es):\r\n\r\nThe c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).(CVE-2022-1292)\r\n\r\nIn addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).(CVE-2022-2068)\r\n\r\nAES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).(CVE-2022-2097)\r\n\r\nThe BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778)",
-  "cves": [
-    {
-      "id": "CVE-2022-0778",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778",
-      "severity": "Moderate"
-    }
-  ]
-}
--- a/cusas/I/iperf3/config.json
+++ b/cusas/I/iperf3/config.json
@ -1,5 +0,0 @@
-{
-  "upstream": "22.03-LTS",
-  "autobuild": true,
-  "fixed_version": ""
-}
--- a/Show More
+++ b/Show More