0a8e8193e4
data/reports: add GO-2023-1535.yaml
...
Aliases: GHSA-hxp2-xqf3-v83h
Fixes golang/vulndb#1535
Change-Id: Id27b0960f9d48c8875d81c220d208069ae5c9507
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/467437
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
2023-02-13 16:00:55 +00:00
c3b662f93d
data/reports: add GO-2023-1534.yaml
...
Aliases: GHSA-4xgv-j62q-h3rj
Fixes golang/vulndb#1534
Change-Id: I5db478db53707d0631cdb1febc44ba8d97adacae
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/467436
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
2023-02-13 16:00:43 +00:00
883be2a7ec
cmd/vulnreport: move find GHSA logic to newReport
...
This allows us to re-use the addGHSA function. Note this does slightly
change the behavior of vulnreport create, as the added GHSAs are not
taken into account when initially creating the report. This does not
matter much with the current implementation, as we arbitrarily choose
one alias to create the report based on.
Change-Id: Ia99eac8aaec603f5fd44f7b9d017957f8147fe06
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/467295
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
2023-02-13 16:00:03 +00:00
a6628195a9
data/excluded: batch add excluded reports
...
Fixes golang/vulndb#1555
Fixes golang/vulndb#1554
Fixes golang/vulndb#1552
Fixes golang/vulndb#1544
Fixes golang/vulndb#1543
Fixes golang/vulndb#1542
Fixes golang/vulndb#1541
Fixes golang/vulndb#1533
Fixes golang/vulndb#1536
Fixes golang/vulndb#1553
Fixes golang/vulndb#1551
Fixes golang/vulndb#1550
Change-Id: Id3902ec0b438153293926a92449eee1d64cc2fde
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/467396
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-02-10 20:36:26 +00:00
2c87650018
cmd/vulnreport: add GHSAs by default in vulnreport fix
...
Change the default behavior of vulnreport fix to pull in all GHSAs
for existing CVEs (this can be turned off via the flag "skip-ghsa").
Also change the behavior to append to the list of GHSAs instead of
overwriting it.
Change-Id: I1bd8363b4868121b8630e988eee4ed598f995c6d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466575
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tim King <taking@google.com>
2023-02-10 18:06:42 +00:00
546c8bfb67
internal/report: lint on missing skip_fix
...
Change-Id: Ie9f7c667cdd8e2d2413d8a928bf313e1be9ff5b3
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/464030
Run-TryBot: Tim King <taking@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-10 17:30:36 +00:00
3e07daa967
data/reports: add packages to GO-2021-0053.yaml
...
The current list of packages is mentioned in the ghsa, but 1) fix
mentions only unmarshal package and 2) even the ghsa description
explicitly mentions a file in the unmarshal package (this file is where
fix happens to be placed).
The current CL lists only unmarshal package and adds two symbols
mentioned in the fix. Note that there are no derived symbols since
the only symbol derived in theory is Generate itself, which already
appears in the set of initial symbols.
Updates golang/vulndb#53
Change-Id: I0a71c86de032b7334c8cb71b4cacb947e0a70d2d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466996
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
2023-02-10 16:51:38 +00:00
1f6d0a67ed
cmd/vulnreport: clean up stdlib fix
...
Pull warnings related to stdlib version into one place and call a new function, IsStdLib, instead of storing a bool "std".
Change-Id: Icbbe5381d0ccd78178ba0eecb8be53a23f06d5f9
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466663
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
2023-02-09 17:38:56 +00:00
fc0e5c9b0e
cmd/vulnreport: refactor checkReportSymbols
...
Pull all the functionality into one loop over the modules.
The only behavior change is that we no longer skip a whole report if it contains the "std" module (because some reports contain both "std" and "x/" repos).
Change-Id: Id95f1844d25e672bb11cdcedeea4af5ffe113be5
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466662
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-09 17:38:41 +00:00
1bbb6febe9
data/reports: remove fixed version from GO-2022-0564.yaml
...
v1 does not contain a fix. Our YAML format does not support directly indicating that v2 onwards is fixed, so for now users will need to read the description of the vuln to determine that the fix is to migrate to v2.
Aliases: CVE-2022-31053, GHSA-75rw-34q6-72cr
Updates golang/vulndb#564
Change-Id: I2e39f363ebfbe7387a5bff4535af02f4d3b24d99
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466659
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
2023-02-09 17:37:57 +00:00
56e812d65c
data/excluded: batch add GO-2023-1527, GO-2023-1524, GO-2023-1516, GO-2023-1514, GO-2023-1513, GO-2023-1511, GO-2023-1520, GO-2023-1512, GO-2023-1517, GO-2023-1518
...
Fixes golang/vulndb#1527
Fixes golang/vulndb#1524
Fixes golang/vulndb#1516
Fixes golang/vulndb#1514
Fixes golang/vulndb#1513
Fixes golang/vulndb#1511
Fixes golang/vulndb#1520
Fixes golang/vulndb#1512
Fixes golang/vulndb#1517
Fixes golang/vulndb#1518
Fixes golang/vulndb#1517
Change-Id: Icbda7a3b2474fb21b0aa9a3b4a15cea402199264
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466475
Run-TryBot: Maceo Thompson <maceothompson@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-02-09 16:29:51 +00:00
c0d4f91266
data/reports: add skip_fix to some cmd reports
...
Change-Id: Idafd1f4a261e5c4f95f16f2975a782805ea0793a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466661
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-08 20:38:52 +00:00
1ff0a703e5
cmd/vulnreport: in fix, check packages even if no symbols
...
Vulnreport fix now checks packages (e.g., whether a package exists)
even if there are no symbols to check (unless skip_fix is set).
Change-Id: I09935c1f778ed0e08eeb411111177f328d026513
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466657
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-08 20:38:42 +00:00
3828f30271
data/reports: add symbol to GO-2022-1213.yaml
...
Aliases: CVE-2018-25060, GHSA-hhxg-px5h-jc32
Updates golang/vulndb#1213
Change-Id: Icdd4e887a18002e6864e974efb6a7d5ca4ddf891
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466660
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-08 20:33:16 +00:00
cc4a08a266
data/reports: add packages to GO-2021-0053.yaml
...
Listed package was a module, not a package
Aliases: CVE-2021-3121, GHSA-c3h9-896r-86jm
Updates golang/vulndb#53
Change-Id: Iea87cda17b8b2885331fc5872c700525e37af72b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466658
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-08 20:33:06 +00:00
2fcfeff930
data/reports: add missing GHSAs
...
These GHSAs were found by a modification of the behavior of vulnreport
fix.
Change-Id: I72415e876d84d30f81896108421d5bf998018c4f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466576
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-08 18:46:18 +00:00
3d42cf3203
data/reports: add GHSA to GO-2021-0094.yaml
...
Aliases: CVE-2020-29529, GHSA-2g5j-5x95-r6hr
Updates golang/vulndb#94
Change-Id: I87c8fec4db7e920b2335ffb56e9851b1f7bd9a34
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466142
Reviewed-by: Tim King <taking@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-07 21:49:55 +00:00
b4cc423062
data/reports: add GHSA to GO-2021-0072.yaml
...
Aliases: CVE-2017-11468, GHSA-h62f-wm92-2cmw
Updates golang/vulndb#72
Change-Id: I2dda7ff592286446fbc54492899fcd2fa2f9d52c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466141
Reviewed-by: Tim King <taking@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-07 21:49:53 +00:00
80ac1f6bb6
data/reports: add GHSA to GO-2021-0066.yaml
...
Aliases: CVE-2020-8564, GHSA-8mjg-8c8g-6h85
Updates golang/vulndb#66
Change-Id: Ie2e5142aeefc8b2b1f9ff3637e8890b1b2480fa6
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466140
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-07 21:49:52 +00:00
52ac4fe838
data/reports: add GHSA to GO-2021-0064.yaml
...
Aliases: CVE-2020-8565, GHSA-8cfg-vx93-jvxw
Updates golang/vulndb#64
Change-Id: I36bd5136155b44a113e6110bcb0d870b02519112
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466139
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
2023-02-07 21:49:50 +00:00
e0054d1148
data/reports: add GHSA to GO-2021-0054.yaml
...
Aliases: CVE-2020-36067, GHSA-p64j-r5f4-pwwx
Updates golang/vulndb#54
Change-Id: I17568f858b236c66c1a54d51721c0ee572846994
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466138
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
2023-02-07 21:49:49 +00:00
778e233a1a
data/reports: add GHSA to GO-2020-0026.yaml
...
Aliases: CVE-2018-1103, GHSA-w55j-f7vx-6q37
Updates golang/vulndb#26
Change-Id: Ib3fbb9a0a20fe15fec4c78d2d02277f8c95f8901
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466137
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-07 21:49:48 +00:00
e7e5ce5060
data/reports: add skip_fix to GO-2022-1180.yaml
...
Aliases: CVE-2022-47633, GHSA-m3cq-xcx9-3gvm
Updates golang/vulndb#1180
Change-Id: Ie879d730d352a9329bc7adf36180445bd94846d3
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466078
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
2023-02-07 21:49:47 +00:00
5de5cebd52
data/reports: add skip_fix / fix formatting for some reports
...
Change-Id: If4cb3f9637dbd4676bfd56e68c55ce44703fe696
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466077
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-07 21:49:45 +00:00
f090099d79
data/reports: fix formatting for GO-2022-1159.yaml
...
Aliases: CVE-2022-4123, GHSA-rprg-4v7q-87v7
Updates golang/vulndb#1159
Change-Id: I712242bc64fec3b69c163278133326883a1e9295
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466076
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-07 21:49:44 +00:00
c9193aa05a
tests: correct typos in output
...
Change-Id: I598f3d7af6569559658c27114999e9820bd20485
GitHub-Last-Rev: 474cabb423golang/vulndb#1532
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465695
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
2023-02-07 17:10:18 +00:00
0c997e2d8e
data/reports: run fix on GO-2022-1148.yaml
...
This required running fix with an older version of Go because
some dependencies only work with <1.19.
Aliases: CVE-2022-23492, GHSA-j7qp-mfxf-8xjw
Updates golang/vulndb#1148
Change-Id: I5d3ada1b59f57f3f72157a367ff69028540ec05b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465815
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-07 16:07:05 +00:00
d7fb56a3ff
data/reports: add skip_fix to some reports
...
These already had vulnerable_at, but fixed failed.
Change-Id: I4f9b2e570b0642566123b6f2f6ed2b4625a9b9bc
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465817
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-07 16:06:37 +00:00
03da7dfb7c
data/reports: fix package in GO-2022-1086.yaml
...
Aliases: CVE-2022-38580, GHSA-f2rj-m42r-6jm2
Updates golang/vulndb#1086
Change-Id: Id66c03865f990f1fe3ccffec7b41573cd679556d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465816
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-07 16:06:29 +00:00
1ebceada91
data/reports: add vulnerable_at to some reports
...
Change-Id: Ia89b783ab748eb8f51991276d6094e69d8537fa9
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465804
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
2023-02-07 16:06:22 +00:00
49d3317219
data/reports: add vulnerable_at and skip_fix to reports
...
Change-Id: I08411b334417ac17f27c3233df27742dd69906ab
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465803
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-07 16:06:09 +00:00
aceb618704
data/reports: fix versions in GO-2022-0603.yaml
...
Aliases: CVE-2022-28948, GHSA-hp87-p4gw-j4gq
Updates golang/vulndb#603
Change-Id: Ief9269f8943b2e76cdf458965087faf2387adefd
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465802
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-07 16:06:01 +00:00
f01ed42065
data/reports: add vulnerable_at to GO-2022-0569.yaml
...
Aliases: CVE-2022-31836, GHSA-95f9-94vc-665h
Updates golang/vulndb#569
Change-Id: If26ddd1f63c2d82bf4a6e069a1de1945a5b6491d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465801
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-07 16:05:55 +00:00
93f2ec9290
data/reports: add vulnerable_at to GO-2022-0572.yaml
...
Aliases: CVE-2021-30080, GHSA-28r6-jm5h-mrgg
Updates golang/vulndb#572
Change-Id: Ibbda521c20c8338441f75be66bb8a800a443a325
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465800
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
2023-02-07 16:05:49 +00:00
dbbdb3aa0b
data/reports: add vulnerable_at to GO-2021-0105.yaml
...
Also fixes package name
Aliases: CVE-2020-26265, GHSA-xw37-57qp-9mm4
Updates golang/vulndb#105
Change-Id: I0e15f83d189ba546b7961cd9f2ab055908a9b9cf
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465799
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
2023-02-07 16:05:43 +00:00
72bcb3526a
data/reports: add vulnerable_at to GO-2021-0098.yaml
...
Aliases: CVE-2021-21237, GHSA-cx3w-xqmc-84g5
Updates golang/vulndb#98
Change-Id: I69c91b82b7b477c494c2ef8884b0e8d6e034589e
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465798
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-07 16:05:32 +00:00
b0e70d0a64
data/reports: add vulnerable_at to GO-2021-0097.yaml
...
Aliases: CVE-2020-29242, CVE-2020-29243, CVE-2020-29244, CVE-2020-29245
Updates golang/vulndb#97
Change-Id: I54ddcaae0d9e3be94eaa1998dce9c239a9746415
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465797
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-07 16:05:22 +00:00
202a12d5f6
data/reports: add vulnerable_at to GO-2021-0094.yaml
...
Aliases: CVE-2020-29529
Updates golang/vulndb#94
Change-Id: I065e04bfa1434500f74c644e900439099266e06c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465796
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-07 16:05:03 +00:00
790329ade5
data/reports: add vulnerable_at to GO-2021-0088.yaml
...
Aliases: CVE-2019-3564, GHSA-x4rg-4545-4w7w
Updates golang/vulndb#88
Change-Id: I161e5d2c28b83a9e0b97584c9120aa372244b16d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465795
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
2023-02-07 16:04:49 +00:00
bbcb7f3159
data/reports: add vulnerable_at to GO-2022-0586.yaml
...
Also adds missing packages and removes unconfirmed "introduced" versions
Aliases: CVE-2022-26945, CVE-2022-30321, CVE-2022-30322, CVE-2022-30323, GHSA-28r2-q6m8-9hpx, GHSA-cjr4-fv6c-f3mv, GHSA-fcgg-rvwg-jv58, GHSA-x24g-9w7v-vprh
Updates golang/vulndb#586
Change-Id: Ib93dbfd87ba248172d757733e2bd4dd8995bf102
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465175
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-02-06 18:31:19 +00:00
eed7737588
data/reports: add vulnerable_at to some reports
...
For reports that had errors, a possible reason is given with a TODO to
revisit. We will begin by adding vulnerable_at to everything (if
possible), and then break up the work to investigate errors.
Change-Id: I350d1ded5185913a6b75e95625e46c7c18aea1e0
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465635
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
2023-02-06 18:23:06 +00:00
0396b36040
data/reports: add vulnerable_at to GO-2020-0032.yaml
...
Aliases: CVE-2019-25073, GHSA-fjgq-224f-fq37
Updates golang/vulndb#32
Change-Id: Ia048bb5e08e96e66a38ebed3f43f7304f2b681a2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465177
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
2023-02-06 16:21:23 +00:00
f0441fd318
data/reports: add vulnerable_at to GO-2020-0007.yaml
...
Aliases: CVE-2017-18367, GHSA-58v3-j75h-xr49
Updates golang/vulndb#7
Change-Id: I566617e7fd9df18d0fe377847b02d8cbd5ce6ac0
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465176
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
2023-02-06 16:20:01 +00:00
b76345a101
data/reports: add vulnerable_at to GO-2021-0101.yaml
...
Aliases: CVE-2019-0210, GHSA-jq7p-26h5-w78r
Updates golang/vulndb#101
Change-Id: I1b688d09c2608cdd6f13d987c796c0e419179e63
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465183
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-06 16:18:38 +00:00
6fdbe6f389
data/reports: add vulnerable_at to GO-2021-0104.yaml
...
Aliases: CVE-2021-28681, GHSA-74xm-qj29-cq8p
Updates golang/vulndb#104
Change-Id: I542dbf322397998463555c5eeac3c950ab2a93c2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465182
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
2023-02-06 16:18:04 +00:00
a5f78dd22d
data/reports: add vulnerable_at to GO-2021-0106.yaml
...
Aliases: CVE-2020-36566, GHSA-jpf8-h7h7-3ppm
Updates golang/vulndb#106
Change-Id: I20ed408d1797c564aeaedb83603786daefde1c75
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465181
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-06 16:16:46 +00:00
a9d74d0f79
data/reports: add vulnerable_at to GO-2021-0113.yaml
...
Aliases: CVE-2021-38561, GHSA-ppp9-7jff-5vj2
Updates golang/vulndb#113
Change-Id: I1b6108e968286216b1e353987e59da0fb9c0acc5
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465180
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-06 16:15:44 +00:00
2fc0ee00d2
data/reports: add vulnerable_at to GO-2021-0227.yaml
...
Aliases: CVE-2020-29652
Updates golang/vulndb#227
Change-Id: I596dd614fab9ec50299d151bf395ca3439601e76
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465179
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-06 16:15:26 +00:00
751df622de
data/reports: add vulnerable_at to some reports
...
Change-Id: I731920f60f900b06dbc3512c4624dac81caaf2f0
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465184
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-06 16:14:36 +00:00
b9638e6227
all_test: remove TestMissingReports
...
Updates golang/go#56139
Change-Id: I6288b65cb073730b6069512b0259a0a1e09519ed
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/464935
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
2023-02-02 21:53:37 +00:00
Tatiana Bradley
Tim King
Zvonimir Pavlinovic
Maceo Thompson
Oleksandr Redko