Commit graph

235 commits

Author SHA1 Message Date
Tatiana Bradley 42c71d8ab3 data/reports: update GO-2023-1737.yaml
Add fixed version.

Updates golang/vulndb#1737
Fixes golang/vulndb#1810

Change-Id: I0e4f5224c2dfe2bac98a389c25ac526cfd06d36f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/499895
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-06-01 15:21:27 +00:00
Jonathan Amsterdam 5da7e3174d data/reports: add GO-2023-1772.yaml
Aliases: CVE-2023-2253, GHSA-hqxw-f8mx-cpmw

Fixes golang/vulndb#1772

Change-Id: I5a0eb5a240c7b94468a6284d95b662f5e5b5b543
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/494937
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-05-24 18:13:11 +00:00
Tatiana Bradley eca7ee86dd data: add some missing GHSAs
Change-Id: I24b94c796e9f2b8b934465ec9ac377ffeb7cc1c2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/497636
Reviewed-by: Maceo Thompson <maceothompson@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-05-24 17:06:25 +00:00
Jonathan Amsterdam c68acc5628 data/reports: add GO-2023-1765.yaml
Aliases: CVE-2023-1732, GHSA-2q89-485c-9j2x

There were two edits in the fix CL that are not reflected in the
report: the ones in packages kem/kyber/templates and
kem/sike/templates. These contain Go files with a "//+ build ignore"
tag. They are actually templates that are probably used
to generate the other .go files.

I tried to add a comment to that effect to the yaml file,
but vulnreport removed it.

Fixes golang/vulndb#1765

Change-Id: Ib48fae330230687178ea4b61e6202150e6f89d1b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/494940
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-05-24 15:32:51 +00:00
Tatiana Bradley db19ee9ad5 internal/report: reuse OSV validation for version ranges
Instead of validating YAML version ranges directly, convert them
to OSV ranges and validate those to re-use the code.

Also add a lint check to ensure the vulnerable_at version is inside the
vulnerable range, and fix a report that had this error.

Change-Id: I315fd3e62902c115ea56b3111e3d77983d5a74fb
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/495985
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-05-23 21:03:16 +00:00
Tatiana Bradley e68e5e46e8 internal/report: improve Lint testing infra
Make Lint easier to test by creating test reports that can
be changed via a function, rather than needing to copy-and-paste the
test reports for each test case.

Change-Id: I13f7c3c699de4efb90b3ba621c00bb772ff48321
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/495983
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-05-23 21:03:09 +00:00
Tatiana Bradley 0910814825 internal/report, all: allow multiple credits in YAML reports
Allow multiple credits in YAML reports to move closer to the format of
OSV and CVEs.

Change all the YAML reports to use this new field, and update any
OSVs/CVEs that now have multiple credits.

Change-Id: I6452cb51614b44c86ec6fa47a7bce68976be8f9e
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/496163
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
2023-05-18 20:38:56 +00:00
Julie Qiu 55adb3a5ba data/reports: add GO-2023-1505.yaml
Aliases: CVE-2022-47747, GHSA-hj4g-4w36-x8hp

Fixes golang/vulndb#1505

Change-Id: Ied31516398ebce8d537668946cf5fadc6d1b0721
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/495375
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Auto-Submit: Julie Qiu <julieqiu@google.com>
Run-TryBot: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-05-17 15:57:34 +00:00
Tatiana Bradley 79e8525f4f data/reports: sort versions in GO-2023-1515.yaml
Aliases: CVE-2022-43756, GHSA-8fcj-gf77-47mg

Updates golang/vulndb#1515

Change-Id: I946852e4db1f608ad4fbffb92a405e8b8ab0b3be
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/495496
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-05-16 21:17:26 +00:00
Tatiana Bradley 7165d97527 data/reports: add a reference to GO-2022-0322.yaml
Aliases: CVE-2022-21698, GHSA-cg3q-j54f-5p7p

For golang/vulndb#322

Change-Id: Ia5559f868543160abdb63423c0de7323fcb0669d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/495495
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-05-16 21:17:24 +00:00
Zvonimir Pavlinovic 564a77a6b1 data/reports: add GO-2023-1737.yaml
Aliases: CVE-2023-29401

Updates golang/vulndb#1737

Change-Id: Iaf02c0a5966e96a2515b0c31b8739bc4a80131ce
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/494315
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
2023-05-11 18:59:56 +00:00
Tatiana Bradley 69f5b83308 data/reports: add -0 suffix to stdlib report versions
For std and cmd reports with an introduced at 1.x.0 version, add the
suffix "-0" so that the vuln will be considered introduced before any
rc versions.

Change-Id: I4c69a7895b453f759924cefaa283570ee42b4858
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/494218
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-05-11 15:31:00 +00:00
Tatiana Bradley 480f580aa0 data/reports: add GO-2023-1753.yaml
Aliases: CVE-2023-29400

Updates golang/vulndb#1753

Change-Id: Ic0af9f93be9dc925e25407a7a7d7f016ffd17745
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/492397
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
2023-05-05 21:10:24 +00:00
Tatiana Bradley 04643752dd data/reports: add GO-2023-1752.yaml
Aliases: CVE-2023-24540

Updates golang/vulndb#1752

Change-Id: Id8ced15224c5ed265d8d409cb42066f81f303f76
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/492396
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
2023-05-05 21:10:22 +00:00
Tatiana Bradley 7cf71f40ac data/reports: add GO-2023-1751.yaml
Aliases: CVE-2023-24539

Updates golang/vulndb#1751

Change-Id: I940926c86569eb0be835443e1250f5416f9c09e1
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/492395
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-05-05 21:10:20 +00:00
Tim King 4a4e065ebb data/reports: update GO-2022-0942.yaml
Aliases: CVE-2022-37315, GHSA-h3qm-jrrf-cgj3

Updates golang/vulndb#942

Change-Id: I6c5d1880da9465394ac353810be47205ef14f88f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/485915
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Commit-Queue: Tim King <taking@google.com>
2023-04-18 21:32:26 +00:00
Tim King e2687ad265 data/reports: add GO-2023-1713.yaml
Aliases: CVE-2023-1800, GHSA-xq3x-grrj-fj6x

Fixes golang/vulndb#1713

Change-Id: Ie249047608ebb0cd2b49fa4428a5e8bbcda5c9d5
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/483978
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
Commit-Queue: Tim King <taking@google.com>
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-12 21:45:55 +00:00
Tim King e19cbc7025 data/reports: add GO-2023-1717.yaml
Aliases: CVE-2023-29194, GHSA-735r-hv67-g38f

Fixes golang/vulndb#1717

Change-Id: I85b6edbde34fe5affd60f188d9426c51aeea7756
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/483835
Run-TryBot: Tim King <taking@google.com>
Commit-Queue: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-04-12 20:20:52 +00:00
Tatiana Bradley e62d420496 data/reports: add GO-2023-1709.yaml
Aliases: CVE-2023-25000, GHSA-vq4h-9ghm-qmrr

Fixes golang/vulndb#1709

Change-Id: I55a09987916e1e2a93c8ca152bddea8b0faf6d15
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/484035
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
2023-04-12 17:45:35 +00:00
Tatiana Bradley a0861d94c2 data/reports: update GO-2023-1571.yaml
Add more specific symbol data.

Aliases: CVE-2022-41723, GHSA-vvpx-j8f3-3w6h

Updates golang/vulndb#1571

Change-Id: I8d0641c8a949fde289766c3563d868c276296844
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/483195
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-04-11 17:31:24 +00:00
Tatiana Bradley b984530da4 data/reports: add GO-2023-1703.yaml
Aliases: CVE-2023-24538

Updates golang/vulndb#1703

Change-Id: I14085ebbad5ff6593841480f05acba69a33da101
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482618
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
2023-04-05 21:05:27 +00:00
Tatiana Bradley 08783bf3cc data/reports: add GO-2023-1702.yaml
Aliases: CVE-2023-24537

Updates golang/vulndb#1702

Change-Id: If2aa3ba095dee838ab03bf8eb700fa784309db5c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482617
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-05 21:05:07 +00:00
Tatiana Bradley 9861bba207 data/reports: add GO-2023-1705.yaml
Aliases: CVE-2023-24536

Updates golang/vulndb#1705

Change-Id: Ia72d08efa0fadaaa372ed4d2b2ca4a60727a6a29
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482620
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-04-05 21:04:39 +00:00
Tatiana Bradley 5a51930550 data/reports: add GO-2023-1704.yaml
Aliases: CVE-2023-24534

Updates golang/vulndb#1704

Change-Id: If292486de476c975a01116a98c9af63935135830
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482619
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-04-05 21:04:28 +00:00
Tatiana Bradley 4fe3d1f38b data/reports: add GO-2023-1546.yaml
Aliases: CVE-2023-25151, GHSA-5r5m-65gx-7vrh

Fixes golang/vulndb#1546

Change-Id: I2662bdfb386c9ee295041fb06d23e30d6e021c73
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482616
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-04-05 18:02:21 +00:00
Tatiana Bradley 75c9211c90 data: add missing ghsas
Run "vulnreport fix" on all reports to pick up missing GHSAs.

Change-Id: I8859b1eb003e1cb4d310224a712d5827c201c040
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/482055
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-04-04 16:37:49 +00:00
Maceo Thompson 15e8ff0ee9 data/reports: add GO-2023-1681.yaml
Aliases: CVE-2023-0778, GHSA-qwqv-rqgf-8qh8

Fixes golang/vulndb#1681

Change-Id: I11bf7f4acba02d30f6bb59cc445823cac1b4bb33
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/480715
Run-TryBot: Maceo Thompson <maceothompson@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-03 18:53:25 +00:00
Tatiana Bradley 264b406b71 internal/osv, all: move DatabaseSpecific osv field
Moves DatabaseSpecific to be a field of the top-level osv.Entry, instead
of a subfield of the Affected field.

Change-Id: I8c80f8af268b51d57833268b89947838c53e407a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/481136
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-04-03 15:57:51 +00:00
Jonathan Amsterdam d2854b653c data/reports: update GO-2023-1631.yaml
add aliases: GHSA-hw7c-3rfg-p46j

Updates golang/vulndb#1631

Change-Id: Ic49d5769d5c831af2bfbcd3f4f8e20d2ae4e9b8a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/476455
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-15 16:07:33 +00:00
Damien Neil e8b24cf7fd data/reports: add GO-2023-1631.yaml
Aliases: CVE-2023-24535

Updates golang/vulndb#1631

Change-Id: If969c534b888ca71d337a6dc85e691839973488d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/476098
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
2023-03-14 16:47:00 +00:00
Jonathan Amsterdam 42e3019f6f data/reports: add GO-2023-1623.yaml
Aliases: CVE-2023-27483

Fixes golang/vulndb#1623

Change-Id: I8cfabaceaea6b7580d97499ced99771da8bd1275
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/475917
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
2023-03-13 19:39:57 +00:00
Tatiana Bradley 83d2dfb982 data/reports, data/excluded: add missing GHSAs
Missing GHSAs were found by running "vulnreport fix" on all reports.

Change-Id: I84eb766c434f30f74b779b4e83b5366ef6900bed
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/474655
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-03-09 20:20:48 +00:00
Tatiana Bradley e974e7155b data/reports: add GO-2023-1621.yaml
Aliases: CVE-2023-24532

Updates golang/vulndb#1621

Change-Id: I9f5f89803f6b0ed4a1c5a8db3ef64c51f004bf3d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/474615
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-08 19:30:53 +00:00
Roland Shoemaker 15a70adbf5 data/reports: add GO-2023-1611.yaml
Aliases: CVE-2023-27475, GHSA-fx2v-qfhr-4chv

Fixes golang/vulndb#1611

Change-Id: I395def215b778116d5a97230bf847f907661441a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/474579
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-03-08 19:29:55 +00:00
Damien Neil dc03e02b04 cmd/vulnreport: resolve package references with "go mod tidy".
When resolving vulnerable symbols, we create a temporary module which
depends on the vulnerable package. Construct this temporary module's
go.mod file with "go mod tidy" rather than "go get -u", which seems
to do a better job of resolving the dependencies for packages
in the Kubernetes ecosystem. Allows vulnreport fix to work on
GO-2023-1549.

Change-Id: I50a71807411a3bab896b5982186d3e57fa1d941b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/470376
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-07 23:43:09 +00:00
Zvonimir Pavlinovic 7ff99c73f8 data/reports: add GO-2023-1602.yaml
Aliases: CVE-2023-26483, GHSA-6gc3-crp7-25w5

Fixes golang/vulndb#1602

Change-Id: I30cbaf0cbe110435a4ce49d36bc32bf89db1688b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/473057
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-03 17:17:54 +00:00
Zvonimir Pavlinovic 0310a8784e data/reports: add GO-2023-1600.yaml
Aliases: CVE-2023-26047, GHSA-p2pf-g8cq-3gq5

Fixes golang/vulndb#1600

Change-Id: I0d3fa1f1ee4eed4f4ccd9515afd53b37545bbc06
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472735
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-03-02 00:34:41 +00:00
Zvonimir Pavlinovic 4077696fe1 data/reports: add GO-2023-1597.yaml
Aliases: CVE-2023-26046, GHSA-9f95-hhg4-pg4f

Updates golang/vulndb#1597

Change-Id: I59524a5160e7d68d0e65fbaa5527f4ba4eaf144d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472716
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-03-02 00:34:19 +00:00
Damien Neil 11c9bd8b0e data/reports: add GO-2023-1595.yaml
Aliases: CVE-2023-24533

Updates golang/vulndb#1595

Change-Id: I37356016a3a6a99686877dfea6232744aa03c808
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/471795
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-28 22:54:56 +00:00
Tatiana Bradley a8b10a0e19 data/reports: add additional affected module to GO-2022-0463, GO-2022-0572, GO-2022-0569
Adds "github.com/astaxie/beego", which is also affected by these
vulnerabilities.

Thanks to Ludovic Lang @ ControlPlane for reporting.

Change-Id: I008aac19dc5373d742b2a0c4fadd55319e026e3f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/471777
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-28 17:16:51 +00:00
Damien Neil 5e75194a27 data/reports: add GHSAs for GO-2023-1571, GO-2023-1572
For golang/vulndb#1571
For golang/vulndb#1572

Change-Id: I5400ea718f2a173361c5c8cbd91d32862d16644f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/470375
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
2023-02-22 20:13:12 +00:00
Tatiana Bradley 8cb59f0eba data/reports: add GO-2023-1569.yaml
Aliases: CVE-2022-41725

Updates golang/vulndb#1569

Change-Id: I83b52241f0bbe8f5f247284bd6e6b03dd6edb133
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468898
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-21 20:44:30 +00:00
Tim King 15cb3c90a6 data/reports: add GO-2023-1578.yaml
Aliases: CVE-2023-0475, GHSA-jpxj-2jvg-6jv9

Fixes golang/vulndb#1578

Change-Id: I9bd8aee8936a9c166f3e6eb85613eb29954bc7ea
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/469100
Run-TryBot: Tim King <taking@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
Auto-Submit: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-17 21:16:15 +00:00
Tim King 4aae72da45 data/reports: add GO-2023-1574.yaml
Aliases: CVE-2023-25173, GHSA-hmfx-3pcx-653p

Fixes golang/vulndb#1574

Change-Id: Ia0fe55d91d704974b9df0da6aaf5be72d9528b2a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/469099
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-02-17 20:52:58 +00:00
Tim King ece9a054ca data/reports: add GO-2023-1573.yaml
Aliases: CVE-2023-25153, GHSA-259w-8hf6-59c2

Fixes golang/vulndb#1573

Change-Id: I89f90695dd813ea446fb2ed6e521edb4075173ab
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468995
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-17 19:16:59 +00:00
Tatiana Bradley bbfff9b945 data/reports: add GO-2023-1571.yaml
Aliases: CVE-2022-41723

Updates golang/vulndb#1571

Change-Id: Iec81cb886f5e67d37f5b484f59e257431bde4690
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468900
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
2023-02-16 22:31:36 +00:00
Tatiana Bradley ba363690f1 data/reports: add GO-2023-1572.yaml
Aliases: CVE-2022-41727

Updates golang/vulndb#1572

Change-Id: I5feb10dc0c30c225ce161c21ee6a3c86bbab665e
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468901
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-02-16 22:25:24 +00:00
Tatiana Bradley b7ef72b1f2 data/reports: add GO-2023-1570.yaml
Aliases: CVE-2022-41724

Updates golang/vulndb#1570

Change-Id: I0efdb318fe432ec425e7d018228ebba8c23429b2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468899
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-16 22:24:51 +00:00
Tatiana Bradley 67a475b3fe data/reports: add GO-2023-1549.yaml
Aliases: CVE-2023-0229, GHSA-5465-xc2j-6p84

Fixes golang/vulndb#1549

Change-Id: I02fb373c8f0367274d6e6995d62d47518da24ca7
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468896
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-02-16 21:56:10 +00:00
Tatiana Bradley dc6d92fa4c data/reports: add GO-2023-1568.yaml
Aliases: CVE-2022-41722

Updates golang/vulndb#1568

Change-Id: Icd6550b10b66ff6fa223c1aad0f7ec33378f89b2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468555
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-02-16 19:49:19 +00:00