data/reports: add vulnerable_at to GO-2021-0113.yaml

Aliases: CVE-2021-38561, GHSA-ppp9-7jff-5vj2 Updates golang/vulndb#113 Change-Id: I1b6108e968286216b1e353987e59da0fb9c0acc5 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465180 Reviewed-by: Tim King <taking@google.com> Run-TryBot: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-03 16:44:55 +00:00 · 2023-02-03 16:44:55 +00:00 · a9d74d0f79
--- a/data/reports/GO-2021-0113.yaml
+++ b/data/reports/GO-2021-0113.yaml
@ -2,6 +2,7 @@ modules:
  - module: golang.org/x/text
    versions:
      - fixed: 0.3.7
+    vulnerable_at: 0.3.6
    packages:
      - package: golang.org/x/text/language
        symbols:
@ -10,7 +11,6 @@ modules:
          - MatchStrings
          - MustParse
          - ParseAcceptLanguage
-        skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
 description: |
    Due to improper index calculation, an incorrectly formatted language tag can cause Parse
    to panic via an out of bounds read. If Parse is used to process untrusted user inputs,