From f1c461dcf90689038511b6c0792c2ccede48ece7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?GUILLON=20Beno=C3=AEt?= <benoit.guillon@viveris.fr>
Date: Fri, 2 Aug 2024 12:33:56 +0200
Subject: [PATCH 1/2] fix: grype_db #344 missing CVE/Package associations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: GUILLON Benoît <benoit.guillon@viveris.fr>
---
 src/vunnel/providers/sles/parser.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/vunnel/providers/sles/parser.py b/src/vunnel/providers/sles/parser.py
index 20aed8ea..9b08fff9 100644
--- a/src/vunnel/providers/sles/parser.py
+++ b/src/vunnel/providers/sles/parser.py
@@ -323,7 +323,12 @@ def _transform_oval_vulnerabilities(cls, major_version: str, parsed_dict: dict)
                 if release_version not in version_release_feed:
                     version_release_feed[release_version] = defaultdict(Vulnerability)
 
-                version_release_feed[release_version][release_name] = feed_obj
+                if release_name not in version_release_feed[release_version]:
+                    version_release_feed[release_version][release_name] = feed_obj
+                else:
+                    old_feed_obj = version_release_feed[release_version][release_name]
+                    feed_obj.FixedIn.extend(old_feed_obj.FixedIn)
+                    version_release_feed[release_version][release_name] = feed_obj
 
             # resolve multiple normalized entries per version
             results.extend(cls._release_resolver(version_release_feed, vulnerability_obj.name))

From f4292c5a84228e467197c7366161e2b9fb5e3b08 Mon Sep 17 00:00:00 2001
From: Will Murphy <willmurphyscode@users.noreply.github.com>
Date: Tue, 6 Aug 2024 08:37:50 -0400
Subject: [PATCH 2/2] chore: add unit tests for SLES parser fix

Signed-off-by: Will Murphy <willmurphyscode@users.noreply.github.com>
---
 .../snapshots/sles:15/cve-2010-1323.json      | 125 +++++++++++++
 .../sles/test-fixtures/suse_truncated.xml     | 172 ++++++++++++++++++
 tests/unit/providers/sles/test_sles.py        | 100 +++++++++-
 3 files changed, 393 insertions(+), 4 deletions(-)
 create mode 100644 tests/unit/providers/sles/test-fixtures/snapshots/sles:15/cve-2010-1323.json

diff --git a/tests/unit/providers/sles/test-fixtures/snapshots/sles:15/cve-2010-1323.json b/tests/unit/providers/sles/test-fixtures/snapshots/sles:15/cve-2010-1323.json
new file mode 100644
index 00000000..b677c6df
--- /dev/null
+++ b/tests/unit/providers/sles/test-fixtures/snapshots/sles:15/cve-2010-1323.json
@@ -0,0 +1,125 @@
+{
+  "identifier": "sles:15/cve-2010-1323",
+  "item": {
+    "Vulnerability": {
+      "CVSS": [
+        {
+          "base_metrics": {
+            "base_score": 3.7,
+            "base_severity": "Low",
+            "exploitability_score": 2.2,
+            "impact_score": 1.4
+          },
+          "status": "N/A",
+          "vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
+          "version": "3.0"
+        }
+      ],
+      "Description": "MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checks\n                  ums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain\n                  checksums that (1) are unkeyed or (2) use RC4 keys.",
+      "FixedIn": [
+        {
+          "Module": "",
+          "Name": "krb5-plugin-kdb-ldap",
+          "NamespaceName": "sles:15",
+          "VendorAdvisory": {
+            "AdvisorySummary": [],
+            "NoAdvisory": false
+          },
+          "Version": "0:1.15.2-4.25",
+          "VersionFormat": "rpm",
+          "VulnerableRange": null
+        },
+        {
+          "Module": "",
+          "Name": "krb5-server",
+          "NamespaceName": "sles:15",
+          "VendorAdvisory": {
+            "AdvisorySummary": [],
+            "NoAdvisory": false
+          },
+          "Version": "0:1.15.2-4.25",
+          "VersionFormat": "rpm",
+          "VulnerableRange": null
+        },
+        {
+          "Module": "",
+          "Name": "krb5",
+          "NamespaceName": "sles:15",
+          "VendorAdvisory": {
+            "AdvisorySummary": [],
+            "NoAdvisory": false
+          },
+          "Version": "0:1.15.2-4.25",
+          "VersionFormat": "rpm",
+          "VulnerableRange": null
+        },
+        {
+          "Module": "",
+          "Name": "krb5-32bit",
+          "NamespaceName": "sles:15",
+          "VendorAdvisory": {
+            "AdvisorySummary": [],
+            "NoAdvisory": false
+          },
+          "Version": "0:1.15.2-4.25",
+          "VersionFormat": "rpm",
+          "VulnerableRange": null
+        },
+        {
+          "Module": "",
+          "Name": "krb5-client",
+          "NamespaceName": "sles:15",
+          "VendorAdvisory": {
+            "AdvisorySummary": [],
+            "NoAdvisory": false
+          },
+          "Version": "0:1.15.2-4.25",
+          "VersionFormat": "rpm",
+          "VulnerableRange": null
+        },
+        {
+          "Module": "",
+          "Name": "krb5-devel",
+          "NamespaceName": "sles:15",
+          "VendorAdvisory": {
+            "AdvisorySummary": [],
+            "NoAdvisory": false
+          },
+          "Version": "0:1.15.2-4.25",
+          "VersionFormat": "rpm",
+          "VulnerableRange": null
+        },
+        {
+          "Module": "",
+          "Name": "krb5-plugin-preauth-otp",
+          "NamespaceName": "sles:15",
+          "VendorAdvisory": {
+            "AdvisorySummary": [],
+            "NoAdvisory": false
+          },
+          "Version": "0:1.15.2-4.25",
+          "VersionFormat": "rpm",
+          "VulnerableRange": null
+        },
+        {
+          "Module": "",
+          "Name": "krb5-plugin-preauth-pkinit",
+          "NamespaceName": "sles:15",
+          "VendorAdvisory": {
+            "AdvisorySummary": [],
+            "NoAdvisory": false
+          },
+          "Version": "0:1.15.2-4.25",
+          "VersionFormat": "rpm",
+          "VulnerableRange": null
+        }
+      ],
+      "Link": "https://www.suse.com/security/cve/CVE-2010-1323",
+      "Metadata": {},
+      "Name": "CVE-2010-1323",
+      "NamespaceName": "sles:15",
+      "Severity": "Medium"
+    }
+  },
+  "schema": "https://raw.githubusercontent.com/anchore/vunnel/main/schema/vulnerability/os/schema-1.0.0.json"
+}
diff --git a/tests/unit/providers/sles/test-fixtures/suse_truncated.xml b/tests/unit/providers/sles/test-fixtures/suse_truncated.xml
index b1886563..60a0323d 100644
--- a/tests/unit/providers/sles/test-fixtures/suse_truncated.xml
+++ b/tests/unit/providers/sles/test-fixtures/suse_truncated.xml
@@ -227,6 +227,77 @@
         </criteria>
       </criteria>
     </definition>
+      <definition id="oval:org.opensuse.security:def:20101323" version="1" class="vulnerability">
+          <metadata>
+              <title>CVE-2010-1323</title>
+              <affected family="unix">
+                  <platform>SUSE Linux Enterprise Desktop 15</platform>
+                  <platform>SUSE Linux Enterprise High Performance Computing 15</platform>
+                  <platform>SUSE Linux Enterprise Module for Basesystem 15</platform>
+                  <platform>SUSE Linux Enterprise Module for Server Applications 15</platform>
+                  <platform>SUSE Linux Enterprise Server 15</platform>
+                  <platform>SUSE Linux Enterprise Server for SAP Applications 15</platform>
+              </affected>
+              <reference source="CVE" ref_id="Mitre CVE-2010-1323" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323"></reference>
+              <reference source="SUSE CVE" ref_id="SUSE CVE-2010-1323" ref_url="https://www.suse.com/security/cve/CVE-2010-1323"></reference>
+              <reference source="SUSE-SU" ref_id="SUSE-SR:2010:023" ref_url="https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JM6O73UJO5HWG5
+RGIFFSFKGTDNFSGYWB/#JM6O73UJO5HWG5RGIFFSFKGTDNFSGYWB"></reference>
+              <reference source="SUSE-SU" ref_id="SUSE-SR:2010:024" ref_url="https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QQHP7MDAGKGRMV
+UG64TKDHFDLMRIRJQG/#QQHP7MDAGKGRMVUG64TKDHFDLMRIRJQG"></reference>
+              <reference source="SUSE-SU" ref_id="TID7008287" ref_url="https://www.suse.com/support/kb/doc/?id=7008287"></reference>
+              <description>&#xA;    MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checks
+                  ums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain
+                  checksums that (1) are unkeyed or (2) use RC4 keys.&#xA;    </description>
+              <advisory>
+                  <severity>Moderate</severity>
+                  <cve cwe="" impact="" href="https://www.suse.com/security/cve/CVE-2010-1323/" public="">CVE-2010-1323 at SUSE</cve>
+                  <cve cvss3="3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" cwe="" impact="low" href="https://nvd.nist.gov/vuln/detail/CVE-2010-1323" public="">CVE-2010-1323
+                      at NVD</cve>
+                  <bugzilla id="" href="https://bugzilla.suse.com/650650">SUSE bug 650650</bugzilla>
+                  <affected_cpe_list>
+                      <cpe>cpe:/o:suse:sle-module-basesystem:15</cpe>
+                      <cpe>cpe:/o:suse:sle-module-server-applications:15</cpe>
+                      <cpe>cpe:/o:suse:sle_hpc:15</cpe>
+                      <cpe>cpe:/o:suse:sled:15</cpe>
+                      <cpe>cpe:/o:suse:sles:15</cpe>
+                      <cpe>cpe:/o:suse:sles_sap:15</cpe>
+                  </affected_cpe_list>
+                  <issued date="2021-04-30"></issued>
+                  <updated date="2024-07-31"></updated>
+              </advisory>
+          </metadata>
+          <criteria operator="OR">
+              <criteria operator="AND">
+                  <criteria operator="OR">
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009669873" comment="SUSE Linux Enterprise Desktop 15 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009669871" comment="SUSE Linux Enterprise High Performance Computing 15 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009223735" comment="SUSE Linux Enterprise Module for Basesystem 15 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009242640" comment="SUSE Linux Enterprise Server 15 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009276218" comment="SUSE Linux Enterprise Server for SAP Applications 15 is installed"></criterion>
+                  </criteria>
+                  <criteria operator="OR">
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009480345" comment="krb5-1.15.2-4.25 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009480346" comment="krb5-32bit-1.15.2-4.25 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009480347" comment="krb5-client-1.15.2-4.25 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009480348" comment="krb5-devel-1.15.2-4.25 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009480349" comment="krb5-plugin-preauth-otp-1.15.2-4.25 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009480350" comment="krb5-plugin-preauth-pkinit-1.15.2-4.25 is installed"></criterion>
+                  </criteria>
+              </criteria>
+              <criteria operator="AND">
+                  <criteria operator="OR">
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009669871" comment="SUSE Linux Enterprise High Performance Computing 15 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009228795" comment="SUSE Linux Enterprise Module for Server Applications 15 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009242640" comment="SUSE Linux Enterprise Server 15 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009276218" comment="SUSE Linux Enterprise Server for SAP Applications 15 is installed"></criterion>
+                  </criteria>
+                  <criteria operator="OR">
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009488167" comment="krb5-plugin-kdb-ldap-1.15.2-4.25 is installed"></criterion>
+                      <criterion test_ref="oval:org.opensuse.security:tst:2009488168" comment="krb5-server-1.15.2-4.25 is installed"></criterion>
+                  </criteria>
+              </criteria>
+          </criteria>
+      </definition>
   </definitions>
   <tests>
     <rpminfo_test id="oval:org.opensuse.security:tst:2009302033" version="1" comment="sles-ltss-release is ==15" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
@@ -253,6 +324,62 @@
       <object object_ref="oval:org.opensuse.security:obj:2009030416"/>
       <state state_ref="oval:org.opensuse.security:ste:2009118764"/>
     </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009276218" comment="SLES_SAP-release is ==15" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009047546"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009061809"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009669873" comment="sled-release is ==15" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009031917"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009061809"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009669871" comment="SLE_HPC-release is ==15" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009051714"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009061809"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009242640" comment="sles-release is ==15" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009030884"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009061809"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009223735" comment="sle-module-basesystem-release is ==15" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009042619"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009061809"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009228795" comment="sle-module-server-applications-release is ==15" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009046430"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009061809"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009480345" comment="krb5 is &lt;1.15.2-4.25" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009031044"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009111500"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009480346" comment="krb5-32bit is &lt;1.15.2-4.25" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009031038"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009111500"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009480347" comment="krb5-client is &lt;1.15.2-4.25" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009031041"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009111500"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009480348" comment="krb5-devel is &lt;1.15.2-4.25" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009031478"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009111500"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009480349" comment="krb5-plugin-preauth-otp is &lt;1.15.2-4.25" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009038448"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009111500"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009480350" comment="krb5-plugin-preauth-pkinit is &lt;1.15.2-4.25" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009033580"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009111500"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009488167" comment="krb5-plugin-kdb-ldap is &lt;1.15.2-4.25" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009033579"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009111500"></state>
+      </rpminfo_test>
+      <rpminfo_test id="oval:org.opensuse.security:tst:2009488168" comment="krb5-server is &lt;1.15.2-4.25" check="at least one" version="1">
+          <object object_ref="oval:org.opensuse.security:obj:2009031042"></object>
+          <state state_ref="oval:org.opensuse.security:ste:2009111500"></state>
+      </rpminfo_test>
   </tests>
   <objects>
     <rpminfo_object id="oval:org.opensuse.security:obj:2009049560" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
@@ -264,6 +391,48 @@
     <rpminfo_object id="oval:org.opensuse.security:obj:2009030416" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
       <name>kernel-default</name>
     </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009051714" version="1">
+          <name>SLE_HPC-release</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009030884" version="1">
+          <name>sles-release</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009047546" version="1">
+          <name>SLES_SAP-release</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009031917" version="1">
+          <name>sled-release</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009042619" version="1">
+          <name>sle-module-basesystem-release</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009046430" version="1">
+          <name>sle-module-server-applications-release</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009031044" version="1">
+          <name>krb5</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009031038" version="1">
+          <name>krb5-32bit</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009031041" version="1">
+          <name>krb5-client</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009031478" version="1">
+          <name>krb5-devel</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009038448" version="1">
+          <name>krb5-plugin-preauth-otp</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009033580" version="1">
+          <name>krb5-plugin-preauth-pkinit</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009033579" version="1">
+          <name>krb5-plugin-kdb-ldap</name>
+      </rpminfo_object>
+      <rpminfo_object id="oval:org.opensuse.security:obj:2009031042" version="1">
+          <name>krb5-server</name>
+      </rpminfo_object>
   </objects>
   <state>
     <rpminfo_state id="oval:org.opensuse.security:ste:2009061809" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
@@ -280,5 +449,8 @@
       <arch datatype="string" operation="pattern match">(aarch64|ppc64le|s390x|x86_64)</arch>
       <evr datatype="evr_string" operation="less than">0:4.12.14-197.89.2</evr>
     </rpminfo_state>
+      <rpminfo_state id="oval:org.opensuse.security:ste:2009111500" version="1">
+          <evr operation="6">0:1.15.2-4.25</evr>
+      </rpminfo_state>
   </state>
 </oval_definitions>
diff --git a/tests/unit/providers/sles/test_sles.py b/tests/unit/providers/sles/test_sles.py
index 4f3193a5..4e2a8f48 100644
--- a/tests/unit/providers/sles/test_sles.py
+++ b/tests/unit/providers/sles/test_sles.py
@@ -5,8 +5,8 @@
 import defusedxml.ElementTree as ET
 import pytest
 
-from vunnel import result, workspace
-from vunnel.providers.sles import Config, Provider, parser
+from vunnel import result
+from vunnel.providers.sles import Config, Provider
 from vunnel.providers.sles.parser import (
     PARSER_CONFIG,
     Parser,
@@ -21,7 +21,7 @@
     VersionParser,
     iter_parse_vulnerability_file,
 )
-from vunnel.utils.vulnerability import CVSS, CVSSBaseMetrics, FixedIn, Vulnerability
+from vunnel.utils.vulnerability import CVSS, CVSSBaseMetrics, FixedIn, Vulnerability, VendorAdvisory
 
 
 class TestSLESVulnerabilityParser:
@@ -154,6 +154,98 @@ def parsed_vulnerabilities(self):
                 ],
                 Metadata={},
             ),
+            Vulnerability(
+                Name="CVE-2010-1323",
+                NamespaceName="sles:15",
+                Description="MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checks\n                  ums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain\n                  checksums that (1) are unkeyed or (2) use RC4 keys.",
+                Severity="Medium",
+                Link="https://www.suse.com/security/cve/CVE-2010-1323",
+                CVSS=[
+                    CVSS(
+                        version="3.0",
+                        vector_string="CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
+                        base_metrics=CVSSBaseMetrics(
+                            base_score=3.7, exploitability_score=2.2, impact_score=1.4, base_severity="Low"
+                        ),
+                        status="N/A",
+                    )
+                ],
+                FixedIn=[
+                    FixedIn(
+                        Name="krb5-plugin-kdb-ldap",
+                        NamespaceName="sles:15",
+                        VersionFormat="rpm",
+                        Version="0:1.15.2-4.25",
+                        Module="",
+                        VendorAdvisory=VendorAdvisory(NoAdvisory=False, AdvisorySummary=[]),
+                        VulnerableRange=None,
+                    ),
+                    FixedIn(
+                        Name="krb5-server",
+                        NamespaceName="sles:15",
+                        VersionFormat="rpm",
+                        Version="0:1.15.2-4.25",
+                        Module="",
+                        VendorAdvisory=VendorAdvisory(NoAdvisory=False, AdvisorySummary=[]),
+                        VulnerableRange=None,
+                    ),
+                    FixedIn(
+                        Name="krb5",
+                        NamespaceName="sles:15",
+                        VersionFormat="rpm",
+                        Version="0:1.15.2-4.25",
+                        Module="",
+                        VendorAdvisory=VendorAdvisory(NoAdvisory=False, AdvisorySummary=[]),
+                        VulnerableRange=None,
+                    ),
+                    FixedIn(
+                        Name="krb5-32bit",
+                        NamespaceName="sles:15",
+                        VersionFormat="rpm",
+                        Version="0:1.15.2-4.25",
+                        Module="",
+                        VendorAdvisory=VendorAdvisory(NoAdvisory=False, AdvisorySummary=[]),
+                        VulnerableRange=None,
+                    ),
+                    FixedIn(
+                        Name="krb5-client",
+                        NamespaceName="sles:15",
+                        VersionFormat="rpm",
+                        Version="0:1.15.2-4.25",
+                        Module="",
+                        VendorAdvisory=VendorAdvisory(NoAdvisory=False, AdvisorySummary=[]),
+                        VulnerableRange=None,
+                    ),
+                    FixedIn(
+                        Name="krb5-devel",
+                        NamespaceName="sles:15",
+                        VersionFormat="rpm",
+                        Version="0:1.15.2-4.25",
+                        Module="",
+                        VendorAdvisory=VendorAdvisory(NoAdvisory=False, AdvisorySummary=[]),
+                        VulnerableRange=None,
+                    ),
+                    FixedIn(
+                        Name="krb5-plugin-preauth-otp",
+                        NamespaceName="sles:15",
+                        VersionFormat="rpm",
+                        Version="0:1.15.2-4.25",
+                        Module="",
+                        VendorAdvisory=VendorAdvisory(NoAdvisory=False, AdvisorySummary=[]),
+                        VulnerableRange=None,
+                    ),
+                    FixedIn(
+                        Name="krb5-plugin-preauth-pkinit",
+                        NamespaceName="sles:15",
+                        VersionFormat="rpm",
+                        Version="0:1.15.2-4.25",
+                        Module="",
+                        VendorAdvisory=VendorAdvisory(NoAdvisory=False, AdvisorySummary=[]),
+                        VulnerableRange=None,
+                    ),
+                ],
+                Metadata={},
+            ),
             Vulnerability(
                 Name="CVE-2021-29154",
                 NamespaceName="sles:15.1",
@@ -298,7 +390,7 @@ def mock_download(self, *args, **kwargs):
 
     p.update(None)
 
-    assert 2 == workspace.num_result_entries()
+    assert 3 == workspace.num_result_entries()
     assert workspace.result_schemas_valid(require_entries=True)