data/reports: add alias for GO-2022-0979.yaml

Aliases: CVE-2022-3346, GHSA-87mm-qxm5-cp3f Updates golang/vulndb#979 Fixes golang/vulndb#1273 Change-Id: Ia84913135828239a8fd2417d0fbf34b05ff58143 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461475 Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Tatiana Bradley <tatiana@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
2023-01-10 16:58:11 -05:00 · 2023-01-10 16:58:11 -05:00 · fc8bccf551
--- a/data/osv/GO-2022-0979.json
+++ b/data/osv/GO-2022-0979.json
@ -3,7 +3,8 @@
  "published": "0001-01-01T00:00:00Z",
  "modified": "0001-01-01T00:00:00Z",
  "aliases": [
-    "CVE-2022-3346"
+    "CVE-2022-3346",
+    "GHSA-87mm-qxm5-cp3f"
  ],
  "details": "DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records.\n\nThe owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain.",
  "affected": [
--- a/data/reports/GO-2022-0979.yaml
+++ b/data/reports/GO-2022-0979.yaml
@ -11,6 +11,8 @@ description: |
    The owner name of RRSIG RRs is not validated, permitting an attacker
    to present the RRSIG for an attacker-controlled domain in a response
    for any other domain.
+ghsas:
+  - GHSA-87mm-qxm5-cp3f
 references:
  - report: https://github.com/peterzen/goresolver/issues/5
 cve_metadata: