data/reports: add alias for GO-2020-0022.yaml

Aliases: CVE-2014-125026, GHSA-4wp2-8rm2-jgmh Updates golang/vulndb#22 Fixes golang/vulndb#1459 Change-Id: If2e3802e98fe75c0be8b9869fb1656473a7a349d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461436 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com>
2023-01-10 16:34:49 -05:00 · 2023-01-10 16:34:49 -05:00 · c963ad7d70
--- a/data/osv/GO-2020-0022.json
+++ b/data/osv/GO-2020-0022.json
@ -3,7 +3,8 @@
  "published": "2021-04-14T20:04:52Z",
  "modified": "0001-01-01T00:00:00Z",
  "aliases": [
-    "CVE-2014-125026"
+    "CVE-2014-125026",
+    "GHSA-4wp2-8rm2-jgmh"
  ],
  "details": "LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.",
  "affected": [
--- a/data/reports/GO-2020-0022.yaml
+++ b/data/reports/GO-2020-0022.yaml
@ -11,6 +11,8 @@ description: |
    memory corruption, which could lead to arbitrary code execution
    if called with untrusted user input.
 published: 2021-04-14T20:04:52Z
+ghsas:
+  - GHSA-4wp2-8rm2-jgmh
 credit: Yann Collet
 references:
  - fix: https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898