From 40421c989f236130250245fee3ba4079db2e5647 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Fri, 17 Apr 2026 15:47:50 -0500
Subject: [PATCH 1/3] Fix copy paste error in src/CVRF/cvrf_priv.c

system_id was listed twice.
---
 src/CVRF/cvrf_priv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/CVRF/cvrf_priv.c b/src/CVRF/cvrf_priv.c
index 5f28d03235..43d880efac 100644
--- a/src/CVRF/cvrf_priv.c
+++ b/src/CVRF/cvrf_priv.c
@@ -499,7 +499,7 @@ struct cvrf_vulnerability *cvrf_vulnerability_clone(const struct cvrf_vulnerabil
 	clone->ordinal = vuln->ordinal;
 	clone->title = oscap_strdup(vuln->title);
 	clone->system_id = oscap_strdup(vuln->system_id);
-	clone->system_id = oscap_strdup(vuln->system_name);
+	clone->system_name = oscap_strdup(vuln->system_name);
 	clone->discovery_date = oscap_strdup(vuln->discovery_date);
 	clone->release_date = oscap_strdup(vuln->release_date);
 	clone->cwes = oscap_list_clone(vuln->cwes, (oscap_clone_func) cvrf_vulnerability_cwe_clone);

From 4bd80eb65680e718da3b23b5004b5a3b103e75f5 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Fri, 17 Apr 2026 15:49:14 -0500
Subject: [PATCH 2/3] Remove resource leak in cvrf_revision_parse

---
 src/CVRF/cvrf_priv.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/CVRF/cvrf_priv.c b/src/CVRF/cvrf_priv.c
index 43d880efac..6282257441 100644
--- a/src/CVRF/cvrf_priv.c
+++ b/src/CVRF/cvrf_priv.c
@@ -2125,10 +2125,13 @@ struct cvrf_revision *cvrf_revision_parse(xmlTextReaderPtr reader) {
 			continue;
 		}
 		if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_NUMBER) == 0) {
+			free(revision->number);
 			revision->number = oscap_element_string_copy(reader);
 		} else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_DATE) == 0) {
+			free(revision->date);
 			revision->date = oscap_element_string_copy(reader);
 		} else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_DESCRIPTION) == 0) {
+			free(revision->description);
 			revision->description = oscap_element_string_copy(reader);
 		}
 		xmlTextReaderNextNode(reader);

From 06cb90ff2756788e0d63837f5df220f84a4199cb Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Fri, 17 Apr 2026 15:49:57 -0500
Subject: [PATCH 3/3] Remove resource leak in cvrf_reference_parse

---
 src/CVRF/cvrf_priv.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/CVRF/cvrf_priv.c b/src/CVRF/cvrf_priv.c
index 6282257441..98dcff1272 100644
--- a/src/CVRF/cvrf_priv.c
+++ b/src/CVRF/cvrf_priv.c
@@ -2068,8 +2068,10 @@ struct cvrf_reference *cvrf_reference_parse(xmlTextReaderPtr reader) {
 			continue;
 		}
 		if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_URL) == 0) {
+			free(ref->url);
 			ref->url = oscap_element_string_copy(reader);
 		} else if (xmlStrcmp(xmlTextReaderConstLocalName(reader), TAG_DESCRIPTION) == 0) {
+			free(ref->description);
 			ref->description = oscap_element_string_copy(reader);
 		}
 		xmlTextReaderNextNode(reader);