data/reports: add vulnerable_at to some reports

Change-Id: Ia89b783ab748eb8f51991276d6094e69d8537fa9
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465804
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
Tatiana Bradley 2023-02-06 20:31:44 +00:00
Parent 49d3317219
Commit 1ebceada91
4 changed files: 4 additions and 4 deletions


@ -2,11 +2,11 @@ modules:
- module: github.com/documize/community
versions:
- fixed: 1.76.3-0.20191119114751-a4384210d4d0
vulnerable_at: 1.76.3-0.20191115182156-68824912016c
packages:
- package: github.com/documize/community/domain/section/markdown
symbols:
- Provider.Render
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
description: |
HTML content in markdown is not santized during rendering, possibly allowing
XSS if used to render untrusted user input.
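
Review bot: In the documize hunk the header is -2,11 +2,11, so the new vulnerable_at line only takes the place of the skip_fix TODO and no derived_symbols entry is added under Provider.Render. The TODO text itself says vulnerable_at is set "to derive symbols", so either rerun symbol derivation at 1.76.3-0.20191115182156-68824912016c and commit its output with this change, or state in the commit message that it produced nothing beyond Provider.Render.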


@ -2,11 +2,11 @@ modules:
- module: github.com/google/go-tpm
versions:
- fixed: 0.3.0
vulnerable_at: 0.2.1-0.20200723190029-e82f64f63a31
packages:
- package: github.com/google/go-tpm/tpm
symbols:
- CreateWrapKey
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
description: |
Due to repeated usage of a XOR key an attacker that can eavesdrop on the TPM 1.2 transport
is able to calculate usageAuth for keys created using CreateWrapKey, despite it being encrypted,
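
Review bot: vulnerable_at for github.com/google/go-tpm is an untagged pseudo-version (0.2.1-0.20200723190029-e82f64f63a31) while fixed is the tag 0.3.0, and nothing in the report or the commit message records how that commit was chosen. Please add a short YAML comment or a commit-message line stating how it relates to the fix, so a later editor can re-check that CreateWrapKey is still vulnerable at that point.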


@ -2,9 +2,9 @@ modules:
- module: github.com/proglottis/gpgme
versions:
- fixed: 0.1.1
vulnerable_at: 0.1.1-0.20191030043844-e5586b79c357
packages:
- package: github.com/proglottis/gpgme
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
description: |
Due to improper setting of finalizers, memory passed to C may be freed before it is used,
leading to crashes due to memory corruption or possible code execution.
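
Review bot: The package entry for github.com/proglottis/gpgme has no symbols list, and with the skip_fix TODO gone (the hunk is -2,9 +2,9) nothing in the report flags that symbols are still unspecified. If the whole package is meant to be treated as affected, say so in a comment; otherwise add the symbols tied to the finalizer problem the description mentions before dropping the TODO.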


@ -2,13 +2,13 @@ modules:
- module: github.com/deislabs/oras
versions:
- fixed: 0.9.0
vulnerable_at: 0.8.1
packages:
- package: github.com/deislabs/oras/pkg/content
symbols:
- extractTarDirectory
derived_symbols:
- fileWriter.Commit
skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
description: |
Due to improper path validation, using the github.com/deislabs/oras/pkg/content.FileStore
content store may result in directory traversal during archive extraction, allowing a