42c71d8ab3
data/reports: update GO-2023-1737.yaml
...
Add fixed version.
Updates golang/vulndb#1737
Fixes golang/vulndb#1810
Change-Id: I0e4f5224c2dfe2bac98a389c25ac526cfd06d36f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/499895
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-06-01 15:21:27 +00:00
f1409b0461
data: add lint check for ID and add ID to all YAML reports
...
Adds the ID field to all YAML reports and adds a lint check to enforce
that all reports have the correct value for the field. Also adds a
step to "vulnreport fix" to fix the ID if needed.
Change-Id: I51f4654e127528e1dbbfcb9c59da3658ad52098b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/498281
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-05-31 21:30:23 +00:00
2489576509
data/excluded: batch add GO-2023-1785, GO-2023-1789, GO-2023-1787
...
Fixes golang/vulndb#1785
Fixes golang/vulndb#1789
Fixes golang/vulndb#1787
Change-Id: I851405992d806eff32378f9cd08e2dea0c9bd9e3
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/498277
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Maceo Thompson <maceothompson@google.com>
2023-05-26 17:25:23 +00:00
5da7e3174d
data/reports: add GO-2023-1772.yaml
...
Aliases: CVE-2023-2253, GHSA-hqxw-f8mx-cpmw
Fixes golang/vulndb#1772
Change-Id: I5a0eb5a240c7b94468a6284d95b662f5e5b5b543
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/494937
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-05-24 18:13:11 +00:00
eca7ee86dd
data: add some missing GHSAs
...
Change-Id: I24b94c796e9f2b8b934465ec9ac377ffeb7cc1c2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/497636
Reviewed-by: Maceo Thompson <maceothompson@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-05-24 17:06:25 +00:00
c68acc5628
data/reports: add GO-2023-1765.yaml
...
Aliases: CVE-2023-1732, GHSA-2q89-485c-9j2x
There were two edits in the fix CL that are not reflected in the
report: the ones in packages kem/kyber/templates and
kem/sike/templates. These contain Go files with a "//+ build ignore"
tag. They are actually templates that are probably used
to generated the other .go files.
I tried to add a comment to that effect to the yaml file,
but vulnreport removed it.
Fixes golang/vulndb#1765
Change-Id: Ib48fae330230687178ea4b61e6202150e6f89d1b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/494940
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-05-24 15:32:51 +00:00
db19ee9ad5
internal/report: reuse OSV validation for version ranges
...
Instead of validating YAML version ranges directly, convert them
to OSV ranges and validate those to re-use the code.
Also add a lint check to ensure the vulnerable_at version is inside the
vulnerable range, and fix a report that had this error.
Change-Id: I315fd3e62902c115ea56b3111e3d77983d5a74fb
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/495985
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-05-23 21:03:16 +00:00
e68e5e46e8
internal/report: improve Lint testing infra
...
Make Lint easier to test by creating test reports that can
be changed via a function, rather than needing to copy-and-paste the
test reports for each test case.
Change-Id: I13f7c3c699de4efb90b3ba621c00bb772ff48321
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/495983
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-05-23 21:03:09 +00:00
0910814825
internal/report, all: allow multiple credits in YAML reports
...
Allow multiple credits in YAML reports to move closer to format of
OSV and CVEs.
Change all the YAML reports to use this new field, and update any
OSVs/CVEs that now have multiple credits.
Change-Id: I6452cb51614b44c86ec6fa47a7bce68976be8f9e
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/496163
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
2023-05-18 20:38:56 +00:00
3c40521d11
internal/reports: remove unused field DoNotExport from YAML
...
DoNotExport is no longer used for anything, so remove it.
Change-Id: I11793d774a20e96e4ec84e2bdc238c28136630f4
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/496161
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-05-18 20:38:42 +00:00
55adb3a5ba
data/reports: add GO-2023-1505.yaml
...
Aliases: CVE-2022-47747, GHSA-hj4g-4w36-x8hp
Fixes golang/vulndb#1505
Change-Id: Ied31516398ebce8d537668946cf5fadc6d1b0721
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/495375
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Auto-Submit: Julie Qiu <julieqiu@google.com>
Run-TryBot: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-05-17 15:57:34 +00:00
79e8525f4f
data/reports: sort versions in GO-2023-1515.yaml
...
Aliases: CVE-2022-43756, GHSA-8fcj-gf77-47mg
Updates golang/vulndb#1515
Change-Id: I946852e4db1f608ad4fbffb92a405e8b8ab0b3be
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/495496
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-05-16 21:17:26 +00:00
7165d97527
data/reports: add a reference to GO-2022-0322.yaml
...
Aliases: CVE-2022-21698, GHSA-cg3q-j54f-5p7p
For golang/vulndb#322
Change-Id: Ia5559f868543160abdb63423c0de7323fcb0669d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/495495
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-05-16 21:17:24 +00:00
0f5634c450
data/excluded: batch add GO-2023-1775, GO-2023-1778, GO-2023-1774, GO-2023-1771, GO-2023-1769, GO-2023-1768, GO-2023-1779
...
Fixes golang/vulndb#1775
Fixes golang/vulndb#1778
Fixes golang/vulndb#1774
Fixes golang/vulndb#1771
Fixes golang/vulndb#1769
Fixes golang/vulndb#1768
Fixes golang/vulndb#1779
Change-Id: Ic7444b456ede60031b9314b54254c236c4fd4137
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/495335
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Auto-Submit: Julie Qiu <julieqiu@google.com>
Run-TryBot: Julie Qiu <julieqiu@google.com>
2023-05-16 19:22:12 +00:00
564a77a6b1
data/reports: add GO-2023-1737.yaml
...
Aliases: CVE-2023-29401
Updates golang/vulndb#1737
Change-Id: Iaf02c0a5966e96a2515b0c31b8739bc4a80131ce
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/494315
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
2023-05-11 18:59:56 +00:00
00566bd833
data/reports: add summaries for x/ repo vulns
...
For golang/go#56443
Change-Id: I2b007a983da699bdac46408c0cd5ad6506e5ddb2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/493918
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-05-11 16:33:42 +00:00
69f5b83308
data/reports: add -0 suffix to stdlib report versions
...
For std and cmd reports with an introduced at 1.x.0 version, add the
suffix "-0" so that the vuln will be considered introduced before any
rc versions.
Change-Id: I4c69a7895b453f759924cefaa283570ee42b4858
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/494218
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-05-11 15:31:00 +00:00
2afe1452c0
data/excluded: batch add GO-2023-1763, GO-2023-1764, GO-2023-1761, GO-2023-1758, GO-2023-1754
...
Fixes golang/vulndb#1763
Fixes golang/vulndb#1764
Fixes golang/vulndb#1761
Fixes golang/vulndb#1758
Fixes golang/vulndb#1754
Change-Id: I45bb18641f813b03d79036af82fa4ffd2a3d8c4f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/493895
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-05-10 20:14:07 +00:00
7c92a880cc
internal/report, data/reports: require summary field in YAML
...
Adds a lint check to require a non-empty summary field in YAML reports,
and backfills summary field for all old reports with a TODO. (This TODO
is OK because the summary field is not yet published to OSV.)
For golang/go#56443
Change-Id: I368d48ceca35ed74a0461550d5386ae7ff85be1a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/493595
Reviewed-by: Tim King <taking@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-05-10 15:19:00 +00:00
480f580aa0
data/reports: add GO-2023-1753.yaml
...
Aliases: CVE-2023-29400
Updates golang/vulndb#1753
Change-Id: Ic0af9f93be9dc925e25407a7a7d7f016ffd17745
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/492397
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
2023-05-05 21:10:24 +00:00
04643752dd
data/reports: add GO-2023-1752.yaml
...
Aliases: CVE-2023-24540
Updates golang/vulndb#1752
Change-Id: Id8ced15224c5ed265d8d409cb42066f81f303f76
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/492396
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
2023-05-05 21:10:22 +00:00
7cf71f40ac
data/reports: add GO-2023-1751.yaml
...
Aliases: CVE-2023-24539
Updates golang/vulndb#1751
Change-Id: I940926c86569eb0be835443e1250f5416f9c09e1
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/492395
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-05-05 21:10:20 +00:00
dabbd8d065
data/excluded: batch add GO-2023-1745, GO-2023-1746
...
Fixes golang/vulndb#1745
Fixes golang/vulndb#1746
Change-Id: Ie547c161d84f173a3d6ddc945411e36f280e9b24
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/492275
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-05-03 19:19:22 +00:00
b33bf57a5b
data/excluded: batch add GO-2023-1748, GO-2023-1747, GO-2023-1749
...
Fixes golang/vulndb#1748
Fixes golang/vulndb#1747
Fixes golang/vulndb#1749
Change-Id: I9827cbfc3df6bd6d7ce78d10d20c828f7a510f90
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/490635
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-05-01 15:31:27 +00:00
cdcf08e00d
data/excluded: batch add GO-2023-1738, GO-2023-1736, GO-2023-1743, GO-2023-1742, GO-2023-1741, GO-2023-1740, GO-2023-1739
...
Fixes golang/vulndb#1738
Fixes golang/vulndb#1736
Fixes golang/vulndb#1743
Fixes golang/vulndb#1742
Fixes golang/vulndb#1741
Fixes golang/vulndb#1740
Fixes golang/vulndb#1739
Change-Id: Icef069934ccae2d3929ce43e1009f455473efa8c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/488995
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-27 20:50:50 +00:00
d0d4740bd4
data/excluded: batch add GO-2023-1735
...
Fixes golang/vulndb#1735
Change-Id: I63a800cf62155c72589213aca74473f79f5d2f9f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/488455
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-25 19:33:44 +00:00
4a4e065ebb
data/reports: update GO-2022-0942.yaml
...
Aliases: CVE-2022-37315, GHSA-h3qm-jrrf-cgj3
Updates golang/vulndb#942
Change-Id: I6c5d1880da9465394ac353810be47205ef14f88f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/485915
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Commit-Queue: Tim King <taking@google.com>
2023-04-18 21:32:26 +00:00
90dd3bf095
data/excluded: batch add GO-2023-1729, GO-2023-1728, GO-2023-1727, GO-2023-1723, GO-2023-1721, GO-2023-1720
...
Fixes golang/vulndb#1729
Fixes golang/vulndb#1728
Fixes golang/vulndb#1727
Fixes golang/vulndb#1723
Fixes golang/vulndb#1721
Fixes golang/vulndb#1720
Change-Id: I99e6baa5cd71aca38062794db154a703bc14422a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/485916
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tim King <taking@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Commit-Queue: Tim King <taking@google.com>
2023-04-18 21:32:18 +00:00
0e10f7b7cd
data/excluded: batch add GO-2023-1712, GO-2023-1711, GO-2023-1710, GO-2023-1708
...
Fixes golang/vulndb#1712
Fixes golang/vulndb#1711
Fixes golang/vulndb#1710
Fixes golang/vulndb#1708
Change-Id: I1b29aa2e1cb37cbf0ecf0a956b13169060e00fb3
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/484235
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
Run-TryBot: Tim King <taking@google.com>
Commit-Queue: Tim King <taking@google.com>
2023-04-12 23:56:47 +00:00
e2687ad265
data/reports: add GO-2023-1713.yaml
...
Aliases: CVE-2023-1800, GHSA-xq3x-grrj-fj6x
Fixes golang/vulndb#1713
Change-Id: Ie249047608ebb0cd2b49fa4428a5e8bbcda5c9d5
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/483978
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
Commit-Queue: Tim King <taking@google.com>
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-12 21:45:55 +00:00
e19cbc7025
data/reports: add GO-2023-1717.yaml
...
Aliases: CVE-2023-29194, GHSA-735r-hv67-g38f
Fixes golang/vulndb#1717
Change-Id: I85b6edbde34fe5affd60f188d9426c51aeea7756
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/483835
Run-TryBot: Tim King <taking@google.com>
Commit-Queue: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-04-12 20:20:52 +00:00
e62d420496
data/reports: add GO-2023-1709.yaml
...
Aliases: CVE-2023-25000, GHSA-vq4h-9ghm-qmrr
Fixes golang/vulndb#1709
Change-Id: I55a09987916e1e2a93c8ca152bddea8b0faf6d15
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/484035
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
2023-04-12 17:45:35 +00:00
59728fd564
data/excluded: batch add GO-2023-1719, GO-2023-1718, GO-2023-1716
...
Fixes golang/vulndb#1719
Fixes golang/vulndb#1718
Fixes golang/vulndb#1716
Change-Id: I13c73ab82b3a23168e75de75ab366ae351966615
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/483975
Run-TryBot: Tim King <taking@google.com>
Commit-Queue: Tim King <taking@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-12 17:33:21 +00:00
d749071a4a
data/excluded: batch add GO-2023-1715, GO-2023-1714, GO-2023-1707
...
Fixes golang/vulndb#1715
Fixes golang/vulndb#1714
Fixes golang/vulndb#1707
Change-Id: Ib43e98a22473b9f87bfcec71716c44c9006f2ecc
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/483776
TryBot-Result: Gopher Robot <gobot@golang.org>
Commit-Queue: Tim King <taking@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tim King <taking@google.com>
2023-04-12 16:17:25 +00:00
a0861d94c2
data/reports: update GO-2023-1571.yaml
...
Add more specific symbol data.
Aliases: CVE-2022-41723, GHSA-vvpx-j8f3-3w6h
Updates golang/vulndb#1571
Change-Id: I8d0641c8a949fde289766c3563d868c276296844
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/483195
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-04-11 17:31:24 +00:00
b07b772934
data/excluded: batch add GO-2023-1706, GO-2023-1689, GO-2023-1688, GO-2023-1686
...
Fixes golang/vulndb#1706
Fixes golang/vulndb#1689
Fixes golang/vulndb#1688
Fixes golang/vulndb#1686
Change-Id: I88f51de53caebd30e94e4e1d22425376a1aac813
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482836
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-06 19:11:41 +00:00
c15712ef2f
data/excluded: batch add GO-2023-1701, GO-2023-1700, GO-2023-1699, GO-2023-1687, GO-2023-1685, GO-2023-1695, GO-2023-1694, GO-2023-1693, GO-2023-1692, GO-2023-1691, GO-2023-1690
...
Fixes golang/vulndb#1701
Fixes golang/vulndb#1700
Fixes golang/vulndb#1699
Fixes golang/vulndb#1687
Fixes golang/vulndb#1685
Fixes golang/vulndb#1695
Fixes golang/vulndb#1694
Fixes golang/vulndb#1693
Fixes golang/vulndb#1692
Fixes golang/vulndb#1691
Fixes golang/vulndb#1690
Change-Id: Idd5864b39ba41f6cfcbe787c55f07cdba3b91345
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482615
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-04-05 21:06:05 +00:00
b984530da4
data/reports: add GO-2023-1703.yaml
...
Aliases: CVE-2023-24538
Updates golang/vulndb#1703
Change-Id: I14085ebbad5ff6593841480f05acba69a33da101
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482618
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
2023-04-05 21:05:27 +00:00
08783bf3cc
data/reports: add GO-2023-1702.yaml
...
Aliases: CVE-2023-24537
Updates golang/vulndb#1702
Change-Id: If2aa3ba095dee838ab03bf8eb700fa784309db5c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482617
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-05 21:05:07 +00:00
9861bba207
data/reports: add GO-2023-1705.yaml
...
Aliases: CVE-2023-24536
Updates golang/vulndb#1705
Change-Id: Ia72d08efa0fadaaa372ed4d2b2ca4a60727a6a29
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482620
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-04-05 21:04:39 +00:00
5a51930550
data/reports: add GO-2023-1704.yaml
...
Aliases: CVE-2023-24534
Updates golang/vulndb#1704
Change-Id: If292486de476c975a01116a98c9af63935135830
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482619
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-04-05 21:04:28 +00:00
4fe3d1f38b
data/reports: add GO-2023-1546.yaml
...
Aliases: CVE-2023-25151, GHSA-5r5m-65gx-7vrh
Fixes golang/vulndb#1546
Change-Id: I2662bdfb386c9ee295041fb06d23e30d6e021c73
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482616
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-04-05 18:02:21 +00:00
75c9211c90
data: add missing ghsas
...
Run "vulnreport fix" on all reports to pick up missing GHSAs.
Change-Id: I8859b1eb003e1cb4d310224a712d5827c201c040
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482055
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-04-04 16:37:49 +00:00
15e8ff0ee9
data/reports: add GO-2023-1681.yaml
...
Aliases: CVE-2023-0778, GHSA-qwqv-rqgf-8qh8
Fixes golang/vulndb#1681
Change-Id: I11bf7f4acba02d30f6bb59cc445823cac1b4bb33
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/480715
Run-TryBot: Maceo Thompson <maceothompson@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-03 18:53:25 +00:00
c3faa7c9b1
data/excluded: batch add GO-2023-1683, GO-2023-1682, GO-2023-1676, GO-2023-1680
...
Updates GO-2023-1670 to include argo-cd in addition to argo-cd/v2
Fixes golang/vulndb#1683
Fixes golang/vulndb#1682
Fixes golang/vulndb#1679
Fixes golang/vulndb#1676
Fixes golang/vulndb#1680
Change-Id: Ic59ceca938e3fbc1cd2e8b6421a166e3534e0731
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/480716
Run-TryBot: Maceo Thompson <maceothompson@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-03 17:13:33 +00:00
264b406b71
internal/osv, all: move DatabaseSpecific osv field
...
Moves DatabaseSpecific to be a field of the top-level osv.Entry, instead
of a subfield of the Affected field.
Change-Id: I8c80f8af268b51d57833268b89947838c53e407a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/481136
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-03 15:57:51 +00:00
cabc9241f0
data/excluded: batch add GO-2023-1674, GO-2023-1671, GO-2023-1670, GO-2023-1669, GO-2023-1668, GO-2023-1667, GO-2023-1662, GO-2023-1661, GO-2023-1660, GO-2023-1659, GO-2023-1658, GO-2023-1657, GO-2023-1656, GO-2023-1655, GO-2023-1654, GO-2023-1653, GO-2023-1673, GO-2023-1666, GO-2023-1665
...
Fixes golang/vulndb#1674
Fixes golang/vulndb#1671
Fixes golang/vulndb#1670
Fixes golang/vulndb#1669
Fixes golang/vulndb#1668
Fixes golang/vulndb#1667
Fixes golang/vulndb#1663
Fixes golang/vulndb#1662
Fixes golang/vulndb#1661
Fixes golang/vulndb#1660
Fixes golang/vulndb#1659
Fixes golang/vulndb#1658
Fixes golang/vulndb#1657
Fixes golang/vulndb#1656
Fixes golang/vulndb#1655
Fixes golang/vulndb#1654
Fixes golang/vulndb#1653
Fixes golang/vulndb#1673
Fixes golang/vulndb#1666
Fixes golang/vulndb#1665
Change-Id: Ia1abf8daf7761c7fd3f9427f20291b8802d46eed
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/479297
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-03-27 17:28:17 +00:00
0fedddea81
data/excluded/GO-2023-1642.yaml: change excluded reason
...
I misclassified this originally.
Change-Id: I65565d1dfe2b59773428a178f0fabedf24905b9f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/478276
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
2023-03-21 23:22:56 +00:00
b2eb54aa64
data/excluded: batch add GO-2023-1624, GO-2023-1652, GO-2023-1651, GO-2023-1650, GO-2023-1646, GO-2023-1645, GO-2023-1644, GO-2023-1643, GO-2023-1642, GO-2023-1641, GO-2023-1636, GO-2023-1634, GO-2023-1633, GO-2023-1630, 23-1639, GO-2023-1638, GO-2023-1632
...
Change-Id: Idff24f5945c633736bd8a0956c32c976ab9be0f8
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/478275
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-03-21 21:51:03 +00:00
d2854b653c
data/reports: update GO-2023-1631.yaml
...
add aliases: GHSA-hw7c-3rfg-p46j
Updates golang/vulndb#1631
Change-Id: Ic49d5769d5c831af2bfbcd3f4f8e20d2ae4e9b8a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/476455
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-15 16:07:33 +00:00
Tatiana Bradley
Maceo Thompson
Jonathan Amsterdam
Julie Qiu
Zvonimir Pavlinovic
Tim King