reports: add GitHub Security Advisories

Using vulnreport fix, populate the GHSA IDs for all existing reports. Change-Id: I09cabc16895994ccff1e2cab628a6c7b9d6a4bf4 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/388677 Trust: Jonathan Amsterdam <jba@google.com> Run-TryBot: Jonathan Amsterdam <jba@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: kokoro <noreply+kokoro@google.com>
2022-03-01 10:04:31 -05:00 · 2022-03-01 10:04:31 -05:00 · 1a19dd1de3
--- a/reports/GO-2020-0002.yaml
+++ b/reports/GO-2020-0002.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-8945
+ghsas:
+  - GHSA-m6wg-2mwg-4rfq
 credit: Ulrich Obergfell <uobergfe@redhat.com>
 links:
    pr: https://github.com/proglottis/gpgme/pull/23
--- a/reports/GO-2020-0006.yaml
+++ b/reports/GO-2020-0006.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2017-15133
+ghsas:
+  - GHSA-p55x-7x9v-q8m4
 credit: Pedro Sampaio
 symbols:
  - Server.serveTCP
--- a/reports/GO-2020-0007.yaml
+++ b/reports/GO-2020-0007.yaml
@ -10,6 +10,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2017-18367
+ghsas:
+  - GHSA-58v3-j75h-xr49
 credit: '@ihac'
 symbols:
  - ScmpFilter.addRuleGeneric
--- a/reports/GO-2020-0008.yaml
+++ b/reports/GO-2020-0008.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2019-19794
+ghsas:
+  - GHSA-44r7-7p62-q3fr
 symbols:
  - id
 derived_symbols:
--- a/reports/GO-2020-0009.yaml
+++ b/reports/GO-2020-0009.yaml
@ -15,6 +15,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2016-9123
+ghsas:
+  - GHSA-3fx4-7f69-5mmg
 credit: Quan Nguyen from Google's Information Security Engineering Team
 symbols:
  - cbcAEAD.computeAuthTag
--- a/reports/GO-2020-0010.yaml
+++ b/reports/GO-2020-0010.yaml
@ -13,6 +13,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2016-9121
+ghsas:
+  - GHSA-86r9-39j9-99wp
 credit: Quan Nguyen from Google's Information Security Engineering Team
 symbols:
  - DeriveECDHES
--- a/reports/GO-2020-0011.yaml
+++ b/reports/GO-2020-0011.yaml
@ -10,6 +10,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2016-9122
+ghsas:
+  - GHSA-77gc-fj98-665h
 credit: Quan Nguyen from Google's Information Security Engineering Team
 symbols:
  - JsonWebEncryption.Decrypt
--- a/reports/GO-2020-0012.yaml
+++ b/reports/GO-2020-0012.yaml
@ -10,6 +10,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-9283
+ghsas:
+  - GHSA-ffhg-7mh4-33c4
 credit: Alex Gaynor, Fish in a Barrel
 symbols:
  - parseED25519
--- a/reports/GO-2020-0015.yaml
+++ b/reports/GO-2020-0015.yaml
@ -19,6 +19,8 @@ published: 2021-04-14T20:04:52Z
 last_modified: 2021-06-07T12:00:00Z
 cves:
  - CVE-2020-14040
+ghsas:
+  - GHSA-5rcv-m4m3-hfh7
 credit: '@abacabadabacaba and Anton Gyllenberg'
 symbols:
  - utf16Decoder.Transform
--- a/reports/GO-2020-0016.yaml
+++ b/reports/GO-2020-0016.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2021-29482
+ghsas:
+  - GHSA-25xm-hr59-7c27
 credit: '@0xdecaf'
 symbols:
  - readUvarint
--- a/reports/GO-2020-0017.yaml
+++ b/reports/GO-2020-0017.yaml
@ -15,6 +15,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-26160
+ghsas:
+  - GHSA-w73w-5m7g-f7qc
 credit: '@christopher-wong'
 symbols:
  - MapClaims.VerifyAudience
--- a/reports/GO-2020-0019.yaml
+++ b/reports/GO-2020-0019.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-27813
+ghsas:
+  - GHSA-3xh2-74w9-5vxm
 credit: Max Justicz
 symbols:
  - Conn.advanceFrame
--- a/reports/GO-2020-0021.yaml
+++ b/reports/GO-2020-0021.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2014-8681
+ghsas:
+  - GHSA-mr6h-chqp-p9g2
 credit: Pascal Turbing and Jiahua (Joe) Chen
 symbols:
  - GetIssues
--- a/reports/GO-2020-0027.yaml
+++ b/reports/GO-2020-0027.yaml
@ -14,6 +14,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2018-6558
+ghsas:
+  - GHSA-qj26-7grj-whg3
 symbols:
  - NewHandle
  - SetProcessPrivileges
--- a/reports/GO-2020-0028.yaml
+++ b/reports/GO-2020-0028.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2018-17419
+ghsas:
+  - GHSA-9jcx-pr2f-qvq5
 credit: '@tr3ee'
 symbols:
  - setTA
--- a/reports/GO-2020-0031.yaml
+++ b/reports/GO-2020-0031.yaml
@ -7,6 +7,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-8945
+ghsas:
+  - GHSA-m6wg-2mwg-4rfq
 links:
    commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733
    context:
--- a/reports/GO-2020-0036.yaml
+++ b/reports/GO-2020-0036.yaml
@ -16,6 +16,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2019-11254
+ghsas:
+  - GHSA-wxc4-f4m6-wwqv
 symbols:
  - yaml_parser_fetch_more_tokens
 derived_symbols:
--- a/reports/GO-2020-0038.yaml
+++ b/reports/GO-2020-0038.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2019-20786
+ghsas:
+  - GHSA-7gfg-6934-mqq2
 symbols:
  - Conn.handleIncomingPacket
 derived_symbols:
--- a/reports/GO-2020-0039.yaml
+++ b/reports/GO-2020-0039.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-12666
+ghsas:
+  - GHSA-733f-44f3-3frw
 credit: '@ev0A'
 symbols:
  - staticHandler
--- a/reports/GO-2020-0041.yaml
+++ b/reports/GO-2020-0041.yaml
@ -26,6 +26,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-7668
+ghsas:
+  - GHSA-88jf-7rch-32qc
 symbols:
  - TzArchive.syncFiles
  - TzArchive.ExtractToFunc
--- a/reports/GO-2020-0042.yaml
+++ b/reports/GO-2020-0042.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-7667
+ghsas:
+  - GHSA-9423-6c93-gpp8
 symbols:
  - Extract
 links:
--- a/reports/GO-2020-0050.yaml
+++ b/reports/GO-2020-0050.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-15216
+ghsas:
+  - GHSA-q547-gmf8-8jr7
 credit: '@jupenur'
 symbols:
  - ValidationContext.findSignature
--- a/reports/GO-2021-0052.yaml
+++ b/reports/GO-2021-0052.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-28483
+ghsas:
+  - GHSA-h395-qcrw-5vmq
 credit: '@sorenh'
 symbols:
  - Context.ClientIP
--- a/reports/GO-2021-0056.yaml
+++ b/reports/GO-2021-0056.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-15216
+ghsas:
+  - GHSA-q547-gmf8-8jr7
 credit: Juho Nurminen (Mattermost)
 symbols:
  - provider.HandlePOST
--- a/reports/GO-2021-0058.yaml
+++ b/reports/GO-2021-0058.yaml
@ -17,6 +17,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-27846
+ghsas:
+  - GHSA-4hq8-gmxx-h6w9
 symbols:
  - IdpAuthnRequest.Validate
  - ServiceProvider.ParseXMLResponse
--- a/reports/GO-2021-0059.yaml
+++ b/reports/GO-2021-0059.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-35380
+ghsas:
+  - GHSA-w942-gw6m-p62c
 credit: '@toptotu'
 symbols:
  - sqaush
--- a/reports/GO-2021-0060.yaml
+++ b/reports/GO-2021-0060.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-29509
+ghsas:
+  - GHSA-xhqq-x44f-9fgg
 credit: Juho Nurminen
 symbols:
  - parseResponse
--- a/reports/GO-2021-0063.yaml
+++ b/reports/GO-2021-0063.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-26264
+ghsas:
+  - GHSA-r33q-22hv-j29q
 credit: '@zsfelfoldi'
 symbols:
  - serverHandler.handleMsg
--- a/reports/GO-2021-0070.yaml
+++ b/reports/GO-2021-0070.yaml
@ -10,6 +10,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2016-3697
+ghsas:
+  - GHSA-q3j5-32m5-58c2
 symbols:
  - GetExecUser
 derived_symbols:
--- a/reports/GO-2021-0084.yaml
+++ b/reports/GO-2021-0084.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2019-16354
+ghsas:
+  - GHSA-f6px-w8rh-7r89
 credit: '@nicowaisman'
 symbols:
  - FileProvider.SessionRead
--- a/reports/GO-2021-0085.yaml
+++ b/reports/GO-2021-0085.yaml
@ -13,6 +13,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2019-16884
+ghsas:
+  - GHSA-fgv8-vj5c-2ppq
 credit: Leopold Schabel
 links:
    pr: https://github.com/opencontainers/runc/pull/2130
--- a/reports/GO-2021-0086.yaml
+++ b/reports/GO-2021-0086.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2019-19619
+ghsas:
+  - GHSA-wmwp-pggc-h4mj
 symbols:
  - Provider.Render
 links:
--- a/reports/GO-2021-0087.yaml
+++ b/reports/GO-2021-0087.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2019-19921
+ghsas:
+  - GHSA-fh74-hm69-rqjw
 credit: Leopold Schabel
 symbols:
  - mountToRootfs
--- a/reports/GO-2021-0089.yaml
+++ b/reports/GO-2021-0089.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-10675
+ghsas:
+  - GHSA-rmh2-65xw-9m6q
 credit: Cong Wang
 symbols:
  - findKeyStart
--- a/reports/GO-2021-0090.yaml
+++ b/reports/GO-2021-0090.yaml
@ -10,6 +10,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-15091
+ghsas:
+  - GHSA-6jqj-f58p-mrw3
 credit: Neeraj Murarka
 symbols:
  - VoteSet.MakeCommit
--- a/reports/GO-2021-0091.yaml
+++ b/reports/GO-2021-0091.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-15111
+ghsas:
+  - GHSA-9cx9-x2gp-9qvh
 credit: Hasibul Hasan and Abdullah Shaleh
 symbols:
  - Ctx.Attachment
--- a/reports/GO-2021-0092.yaml
+++ b/reports/GO-2021-0092.yaml
@ -7,6 +7,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-15222
+ghsas:
+  - GHSA-v3q9-2p3m-7g43
 symbols:
  - Fosite.AuthenticateClient
 derived_symbols:
--- a/reports/GO-2021-0095.yaml
+++ b/reports/GO-2021-0095.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-8918
+ghsas:
+  - GHSA-5x29-3hr9-6wpw
 credit: Chris Fenner
 symbols:
  - CreateWrapKey
--- a/reports/GO-2021-0096.yaml
+++ b/reports/GO-2021-0096.yaml
@ -7,6 +7,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2020-8945
+ghsas:
+  - GHSA-m6wg-2mwg-4rfq
 credit: Ulrich Obergfell
 links:
    pr: https://github.com/proglottis/gpgme/pull/23
--- a/reports/GO-2021-0098.yaml
+++ b/reports/GO-2021-0098.yaml
@ -28,6 +28,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2021-21237
+ghsas:
+  - GHSA-cx3w-xqmc-84g5
 credit: '@Ry0taK'
 symbols:
  - PipeCommand
--- a/reports/GO-2021-0099.yaml
+++ b/reports/GO-2021-0099.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-04-14T20:04:52Z
 cves:
  - CVE-2021-21272
+ghsas:
+  - GHSA-g5v4-5x39-vwhx
 credit: Chris Smowton
 symbols:
  - extractTarDirectory
--- a/reports/GO-2021-0100.yaml
+++ b/reports/GO-2021-0100.yaml
@ -10,6 +10,8 @@ description: |
 published: 2021-07-28T18:08:05Z
 cves:
  - CVE-2021-20291
+ghsas:
+  - GHSA-7qw8-847f-pggm
 credit: Aviv Sasson (Palo Alto Networks)
 symbols:
  - cmdStream
--- a/reports/GO-2021-0101.yaml
+++ b/reports/GO-2021-0101.yaml
@ -10,6 +10,8 @@ description: |
 published: 2021-07-28T18:08:05Z
 cves:
  - CVE-2019-0210
+ghsas:
+  - GHSA-jq7p-26h5-w78r
 symbols:
  - TSimpleJSONProtocol.safePeekContains
 derived_symbols:
--- a/reports/GO-2021-0102.yaml
+++ b/reports/GO-2021-0102.yaml
@ -16,6 +16,8 @@ description: |
 published: 2021-07-28T18:08:05Z
 cves:
  - CVE-2019-11289
+ghsas:
+  - GHSA-5796-p3m6-9qj4
 symbols:
  - AesGCM.Decrypt
 links:
--- a/reports/GO-2021-0103.yaml
+++ b/reports/GO-2021-0103.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-07-28T18:08:05Z
 cves:
  - CVE-2020-26242
+ghsas:
+  - GHSA-jm5c-rv3w-w83m
 credit: Dima Stebaev
 symbols:
  - udivrem
--- a/reports/GO-2021-0104.yaml
+++ b/reports/GO-2021-0104.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-07-28T18:08:05Z
 cves:
  - CVE-2021-28681
+ghsas:
+  - GHSA-74xm-qj29-cq8p
 credit: Gaukas Wang (@Gaukas)
 symbols:
  - DTLSTransport.Start
--- a/reports/GO-2021-0105.yaml
+++ b/reports/GO-2021-0105.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-07-28T18:08:05Z
 cves:
  - CVE-2020-26265
+ghsas:
+  - GHSA-xw37-57qp-9mm4
 credit: John Youngseok Yang (Software Platform Lab)
 symbols:
  - StateDB.createObject
--- a/reports/GO-2021-0108.yaml
+++ b/reports/GO-2021-0108.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-07-28T18:08:05Z
 cves:
  - CVE-2020-15111
+ghsas:
+  - GHSA-9cx9-x2gp-9qvh
 credit: Hasibul Hasan and Abdullah Shaleh
 symbols:
  - Ctx.Attachment
--- a/reports/GO-2021-0109.yaml
+++ b/reports/GO-2021-0109.yaml
@ -8,6 +8,8 @@ description: |
 published: 2021-07-28T18:08:05Z
 cves:
  - CVE-2020-15223
+ghsas:
+  - GHSA-7mqr-2v3q-v2wm
 symbols:
  - TokenRevocationHandler.RevokeToken
 links:
--- a/reports/GO-2021-0110.yaml
+++ b/reports/GO-2021-0110.yaml
@ -7,6 +7,8 @@ description: |
 published: 2021-07-28T18:08:05Z
 cves:
  - CVE-2020-15222
+ghsas:
+  - GHSA-v3q9-2p3m-7g43
 symbols:
  - Fosite.AuthenticateClient
 derived_symbols:
--- a/reports/GO-2021-0111.yaml
+++ b/reports/GO-2021-0111.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-07-28T18:08:05Z
 cves:
  - CVE-2021-20329
+ghsas:
+  - GHSA-f6mq-5m25-4r72
 symbols:
  - valueWriter.writeElementHeader
 derived_symbols:
--- a/reports/GO-2021-0112.yaml
+++ b/reports/GO-2021-0112.yaml
@ -9,6 +9,8 @@ description: |
 published: 2021-07-28T18:08:05Z
 cves:
  - CVE-2021-20329
+ghsas:
+  - GHSA-f6mq-5m25-4r72
 symbols:
  - AppendHeader
  - AppendRegex
--- a/reports/GO-2021-0178.yaml
+++ b/reports/GO-2021-0178.yaml
@ -1,23 +1,23 @@
 module: std
 package: net/smtp
 versions:
- introduced: go1.1
-  fixed: go1.8.4
- introduced: go1.1
-  fixed: go1.9.1
+  - introduced: go1.1
+    fixed: go1.8.4
+  - introduced: go1.1
+    fixed: go1.9.1
 description: |
-  SMTP clients using net/smtp can use the PLAIN authentication scheme on
-  network connections not secured with TLS, exposing passwords to
-  man-in-the-middle SMTP servers.
+    SMTP clients using net/smtp can use the PLAIN authentication scheme on
+    network connections not secured with TLS, exposing passwords to
+    man-in-the-middle SMTP servers.
+published: 2022-01-07T20:35:00Z
 cves:
- CVE-2017-15042
+  - CVE-2017-15042
 credit: Stevie Johnstone
 symbols:
- plainAuth.Start
+  - plainAuth.Start
 links:
-  pr: https://go.dev/cl/68170
-  commit: https://go.googlesource.com/go/+/ec3b6131de8f9c9c25283260c95c616c74f6d790
-  context:
-  - https://go.dev/issue/22134
-  - https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
-published: 2022-01-07T20:35:00Z
+    pr: https://go.dev/cl/68170
+    commit: https://go.googlesource.com/go/+/ec3b6131de8f9c9c25283260c95c616c74f6d790
+    context:
+      - https://go.dev/issue/22134
+      - https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
--- a/reports/GO-2021-0225.yaml
+++ b/reports/GO-2021-0225.yaml
@ -18,6 +18,8 @@ description: |
 published: 2022-01-13T03:44:52Z
 cves:
  - CVE-2020-16845
+ghsas:
+  - GHSA-q6gq-997w-f55g
 credit: Diederik Loerakker, Jonny Rhea, Raúl Kripalani, and Preston Van Loon
 symbols:
  - ReadUvarint
--- a/reports/GO-2021-0228.yaml
+++ b/reports/GO-2021-0228.yaml
@ -9,6 +9,8 @@ description: |
 published: 2022-01-14T17:30:28Z
 cves:
  - CVE-2020-7664
+ghsas:
+  - GHSA-vpx7-vm66-qx8r
 credit: Georgios Gkitsas of Snyk Security Team
 symbols:
  - TzArchive.syncFiles
--- a/reports/GO-2021-0237.yaml
+++ b/reports/GO-2021-0237.yaml
@ -9,6 +9,8 @@ description: |
 published: 2022-01-11T17:18:11Z
 cves:
  - CVE-2021-32721
+ghsas:
+  - GHSA-mj9r-wwm8-7q52
 symbols:
  - Route.execute
 links:
--- a/reports/GO-2021-0258.yaml
+++ b/reports/GO-2021-0258.yaml
@ -13,6 +13,8 @@ description: |
 published: 2022-01-14T17:30:31Z
 cves:
  - CVE-2021-41230
+ghsas:
+  - GHSA-j6wp-3859-vxfg
 symbols:
  - Manager.onUpdateRecords
 links:
--- a/reports/GO-2021-0265.yaml
+++ b/reports/GO-2021-0265.yaml
@ -6,6 +6,8 @@ description: |
 published: 2022-01-14T17:30:24Z
 cves:
  - CVE-2021-42836
+ghsas:
+  - GHSA-ppj4-34rq-v8j9
 symbols:
  - match.Match
 links: