From c963ad7d709398250507c72f171c7207558e9af6 Mon Sep 17 00:00:00 2001
From: Tatiana Bradley <tatianabradley@google.com>
Date: Tue, 10 Jan 2023 16:34:49 -0500
Subject: [PATCH] data/reports: add alias for GO-2020-0022.yaml

Aliases: CVE-2014-125026, GHSA-4wp2-8rm2-jgmh

Updates golang/vulndb#22
Fixes golang/vulndb#1459

Change-Id: If2e3802e98fe75c0be8b9869fb1656473a7a349d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461436
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
---
 data/osv/GO-2020-0022.json     | 3 ++-
 data/reports/GO-2020-0022.yaml | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/osv/GO-2020-0022.json b/data/osv/GO-2020-0022.json
index 557b711b..50a61f0e 100644
--- a/data/osv/GO-2020-0022.json
+++ b/data/osv/GO-2020-0022.json
@@ -3,7 +3,8 @@
   "published": "2021-04-14T20:04:52Z",
   "modified": "0001-01-01T00:00:00Z",
   "aliases": [
-    "CVE-2014-125026"
+    "CVE-2014-125026",
+    "GHSA-4wp2-8rm2-jgmh"
   ],
   "details": "LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.",
   "affected": [
diff --git a/data/reports/GO-2020-0022.yaml b/data/reports/GO-2020-0022.yaml
index c11f9ac8..83037b8c 100644
--- a/data/reports/GO-2020-0022.yaml
+++ b/data/reports/GO-2020-0022.yaml
@@ -11,6 +11,8 @@ description: |
     memory corruption, which could lead to arbitrary code execution
     if called with untrusted user input.
 published: 2021-04-14T20:04:52Z
+ghsas:
+  - GHSA-4wp2-8rm2-jgmh
 credit: Yann Collet
 references:
   - fix: https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898