Vexlog4j better csaf

assets/static/.well-known/sbom/quadblockquiz_vex_20211214_no_log4j.html

@@ -20,17 +20,16 @@ <h1>quadblockquiz_vex_20211214_no_log4j: QuadBlockQuiz Not Affected by Log4j exp
       <td>Engine: Secvisogram 1.9.0</td>
     </tr>
     <tr>
-      <td>Current release date: 2021-12-14T17:00:00.000Z</td>
+      <td>Current release date: 2021-12-15T23:00:00.000Z</td>
       <td>Build Date: 2021-12-14T13:59:32.299Z</td>
     </tr>
     <tr>
-      <td>Current version: 1.0.0</td>
-      <td>Status: final</td>    
+      <td>Current version: 1.0.1</td>
+      <td>Status: final</td>
     </tr>
     <tr>
       <td>CVSSv3.1 Base Score: 0</td>
       <td>Severity:
-
          Critical
       </td>
     </tr>
@@ -40,7 +39,7 @@ <h1>quadblockquiz_vex_20211214_no_log4j: QuadBlockQuiz Not Affected by Log4j exp
     </tr>
     <tr>
       <td colspan="2">Also referred to: </td>
-    </tr>    
+    </tr>
   </table>
 
 
@@ -55,27 +54,21 @@ <h3> (CVE-2021-44228)</h3>
         <td>CWE-502:Deserialization of Untrusted Data</td>
       </tr>
     </table>
-
-    <h4>Product status</h4>
 
+    <h4>Product status</h4>
 
 
     <h5>Known not affected</h5>
     <ul>
-        <li>QuadBlockQuiz  v12.0.1</li>
+        <li>QuadBlockQuiz v12.0.2</li>
     </ul>
-
-
-
-
-
-
-
 
       <h4>References</h4>
       <ul>
 
           <li>Log42j vulnerability. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.  (external): <a href=https:&#x2F;&#x2F;nvd.nist.gov&#x2F;vuln&#x2F;detail&#x2F;CVE-2021-44228>https:&#x2F;&#x2F;nvd.nist.gov&#x2F;vuln&#x2F;detail&#x2F;CVE-2021-44228</a></li>
+
+          <li>CVE-2021-44228 Mitre 4.0 json  (external): <a href=https:&#x2F;&#x2F;raw.githubusercontent.com&#x2F;CVEProject&#x2F;cvelist&#x2F;master&#x2F;2021&#x2F;45xxx&#x2F;CVE-2021-44228.json>https:&#x2F;&#x2F;raw.githubusercontent.com&#x2F;CVEProject&#x2F;cvelist&#x2F;master&#x2F;2021&#x2F;45xxx&#x2F;CVE-2021-44228.json</a></li>
       </ul>
 
       <h4>Threats</h4>
@@ -92,8 +85,8 @@ <h2>sFractal PSIRT</h2>
 
     <h2>References</h2>
     <ul>
-
-          <li>The canonical URL.  (self): <a href=http:&#x2F;&#x2F;quizquadblocks.sfractal.com:4000&#x2F;.well-known&#x2F;sbom&#x2F;QuadBlockQuiz_20211214_No_Log4j.html>http:&#x2F;&#x2F;quizquadblocks.sfractal.com:4000&#x2F;.well-known&#x2F;sbom&#x2F;QuadBlockQuiz_20211214_No_Log4j.html</a></li>
+          <li>QuadBlockQuiz qbq-12-0-1-001 - CSAF Version  (self): <a href=http:&#x2F;&#x2F;quizquadblocks.sfractal.com:4000&#x2F;.well-known&#x2F;sbom&#x2F;quadblockquiz_vex_20211214_no_log4j.json>http:&#x2F;&#x2F;quizquadblocks.sfractal.com:4000&#x2F;.well-known&#x2F;sbom&#x2F;quadblockquiz_vex_20211214_no_log4j.json</a></li>
+          <li>QuadBlockQuiz qbq-12-0-1-001 - HTML Version  (self): <a href=http:&#x2F;&#x2F;quizquadblocks.sfractal.com:4000&#x2F;.well-known&#x2F;sbom&#x2F;quadblockquiz_vex_20211214_no_log4j.html>http:&#x2F;&#x2F;quizquadblocks.sfractal.com:4000&#x2F;.well-known&#x2F;sbom&#x2F;quadblockquiz_vex_20211214_no_log4j.html</a></li>
     </ul>
 
   <h2>Revision history</h2>
@@ -111,6 +104,11 @@ <h2>Revision history</h2>
           <td>2021-12-14T17:00:00.000Z</td>
           <td>Initial version</td>
         </tr>
+        <tr>
+          <td>1.0.1</td>
+          <td>2021-12-15T23:00:00.000Z</td>
+          <td>better use of CSAF, info content same</td>
+        </tr>
     </tbody>
   </table>
 

assets/static/.well-known/sbom/quadblockquiz_vex_20211214_no_log4j.json

@@ -9,18 +9,23 @@
     },
     "title": "QuadBlockQuiz Not Affected by Log4j exploits",
     "tracking": {
-      "current_release_date": "2021-12-14T17:00:00.000Z",
+      "current_release_date": "2021-12-15T23:00:00.000Z",
       "id": "quadblockquiz_vex_20211214_no_log4j",
       "initial_release_date": "2021-12-14T17:00:00.000Z",
       "revision_history": [
         {
           "date": "2021-12-14T17:00:00.000Z",
           "number": "1.0.0",
           "summary": "Initial version"
+        },
+        {
+          "date": "2021-12-15T23:00:00.000Z",
+          "number": "1.0.1",
+          "summary": "better use of CSAF, info content same"
         }
       ],
       "status": "final",
-      "version": "1.0.0",
+      "version": "1.0.1",
       "generator": {
         "date": "2021-12-14T13:59:32.299Z",
         "engine": {
@@ -41,8 +46,13 @@
     "references": [
       {
         "category": "self",
-        "url": "http://quizquadblocks.sfractal.com:4000/.well-known/sbom/QuadBlockQuiz_20211214_No_Log4j.html",
-        "summary": "The canonical URL."
+        "url": "http://quizquadblocks.sfractal.com:4000/.well-known/sbom/quadblockquiz_vex_20211214_no_log4j.json",
+        "summary": "QuadBlockQuiz qbq-12-0-1-001 - CSAF Version"
+      },
+      {
+        "category": "self",
+        "url": "http://quizquadblocks.sfractal.com:4000/.well-known/sbom/quadblockquiz_vex_20211214_no_log4j.html",
+        "summary": "QuadBlockQuiz qbq-12-0-1-001 - HTML Version"
       }
     ]
   },
@@ -62,10 +72,10 @@
                 "branches": [
                   {
                     "category": "product_version",
-                    "name": "12.0.1",
+                    "name": "12.0.2",
                     "product": {
                       "product_id": "qbq-12-0-1-001",
-                      "name": "QuadBlockQuiz  v12.0.1"
+                      "name": "QuadBlockQuiz v12.0.2"
                     }
                   }
                 ]
@@ -102,6 +112,11 @@
           "category": "external",
           "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228",
           "summary": "Log42j vulnerability. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled."
+        },
+        {
+          "category": "external",
+          "url": "https://raw.githubusercontent.com/CVEProject/cvelist/master/2021/45xxx/CVE-2021-44228.json",
+          "summary": "CVE-2021-44228 Mitre 4.0 json"
         }
       ]
     }