<oval_definitions

xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"

xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"

xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"

xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"

xmlns:linux="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#macos linux-definitions-schema.xsd">

<generator>

<oval:product_name>Oval tester</oval:product_name>

<oval:product_version>1</oval:product_version>

<oval:schema_version>5.11.1</oval:schema_version>

<oval:timestamp>2020-07-26T17:03:05</oval:timestamp>

</generator>

<definitions>

<definition class="inventory" id="oval:ubuntu.xenial:def:500" version="1">

<metadata>

<title>Check if it is Ubuntu 16.04 that is installed.</title>

<description></description>

</metadata>

<criteria>

<criterion test_ref="oval:xenial:tst:500" comment="Ubuntu 16.04 is installed." />

</criteria>

</definition>

<definition id="oval:xenial:def:501" version="1" class="patch">

<metadata>

<title>Test if Pillow is vulnerable to CVE-2020-10177</title>

<affected family="unix">

<platform>Ubuntu 16.04</platform>

</affected>

<reference source="Mitre" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10177" ref_id="1234"/>

<description>Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.</description>

</metadata>

<criteria>

<criterion test_ref="oval:xenial:tst:501" comment="test if Ubuntu 16.04 is installed at my system" />

</criteria>

</definition>

</definitions>

<tests>

<ind:textfilecontent54_test check="at least one" check_existence="at_least_one_exists" id="oval:xenial:tst:500" version="1" comment="Ubuntu 16.04 LTS is installed.">

<ind:object object_ref="oval:xenial:obj:500" />

<ind:state state_ref="oval:xenial:ste:500" />

</ind:textfilecontent54_test>

<linux:dpkginfo_test id="oval:xenial:tst:501" version="1" check_existence="at_least_one_exists" check="at least one" comment="?">

<linux:object object_ref="oval:xenial:obj:501"/>

<linux:state state_ref="oval:xenial:ste:501"/>

</linux:dpkginfo_test>

</tests>

<objects>

<ind:textfilecontent54_object id="oval:xenial:obj:500" version="1">

<ind:filepath datatype="string">/etc/lsb-release</ind:filepath>

<ind:pattern operation="pattern match">^[\s\S]*DISTRIB_CODENAME=([a-z]+)$</ind:pattern>

<ind:instance datatype="int">1</ind:instance>

</ind:textfilecontent54_object>

<linux:dpkginfo_object id="oval:xenial:obj:501" version="1">

<linux:name var_ref="oval:xenial:var:501" var_check="at least one" />

</linux:dpkginfo_object>

</objects>

<states>

<ind:textfilecontent54_state id="oval:xenial:ste:500" version="1" comment="Ubuntu 16.04 LTS">

<ind:subexpression datatype="string" operation="equals">xenial</ind:subexpression>

</ind:textfilecontent54_state>

<linux:dpkginfo_state id="oval:xenial:ste:501" version="1">

<linux:evr datatype="evr_string" operation="less than">3.1.2-0ubuntu1.4</linux:evr>

</linux:dpkginfo_state>

</states>

<variables>

<constant_variable id="oval:xenial:var:501" version="1" datatype="string" comment="?">

<value>python-pil</value>

<value>python3-pil</value>

</constant_variable>

</variables>

</oval_definitions>