Commit graph

1201 commits

Author SHA1 Message Date
Tatiana Bradley 99d9182d1c internal/database: bring back full db validation
Change-Id: I03a70dd65f9003ddfc823cd5dbc91b503c17b56d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/475056
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-10 17:02:23 +00:00
Tatiana Bradley d616541fca internal/database: re-publish .gz files
Change-Id: I3e7735b769a3e47374b339f64b588899447ba99c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/475115
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-03-09 21:06:17 +00:00
Tatiana Bradley 83d2dfb982 data/reports, data/excluded: add missing GHSAs
Missing GHSAs were found by running "vulnreport fix" on all reports.

Change-Id: I84eb766c434f30f74b779b4e83b5366ef6900bed
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/474655
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-03-09 20:20:48 +00:00
Tatiana Bradley e974e7155b data/reports: add GO-2023-1621.yaml
Aliases: CVE-2023-24532

Updates golang/vulndb#1621

Change-Id: I9f5f89803f6b0ed4a1c5a8db3ef64c51f004bf3d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/474615
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-08 19:30:53 +00:00
Roland Shoemaker 15a70adbf5 data/reports: add GO-2023-1611.yaml
Aliases: CVE-2023-27475, GHSA-fx2v-qfhr-4chv

Fixes golang/vulndb#1611

Change-Id: I395def215b778116d5a97230bf847f907661441a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/474579
Run-TryBot: Roland Shoemaker <roland@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-03-08 19:29:55 +00:00
Roland Shoemaker 99c768c37c data/excluded: batch add GO-2023-1610, GO-2023-1609, GO-2023-1606, GO-2023-1620, GO-2023-1619, GO-2023-1618, GO-2023-1617, GO-2023-1616, GO-2023-1615, GO-2023-1614, GO-2023-1613, GO-2023-1612
Fixes golang/vulndb#1610
Fixes golang/vulndb#1609
Fixes golang/vulndb#1606
Fixes golang/vulndb#1620
Fixes golang/vulndb#1619
Fixes golang/vulndb#1618
Fixes golang/vulndb#1617
Fixes golang/vulndb#1616
Fixes golang/vulndb#1615
Fixes golang/vulndb#1614
Fixes golang/vulndb#1613
Fixes golang/vulndb#1612

Change-Id: I87f6c0f5d03dd64393d36eb294751db3f8ff83c9
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/474578
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
2023-03-08 19:22:59 +00:00
Damien Neil dc03e02b04 cmd/vulnreport: resolve package references with "go mod tidy".
When resolving vulnerable symbols, we create a temporary module which
depends on the vulnerable package. Construct this temporary module's
go.mod file with "go mod tidy" rather than "go get -u", which seems
to do a better job of resolving the dependencies for packages
in the Kubernetes ecosystem. Allows vulnreport fix to work on
GO-2023-1549.

Change-Id: I50a71807411a3bab896b5982186d3e57fa1d941b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/470376
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-07 23:43:09 +00:00
Tatiana Bradley 56fb761b08 internal/database: stop publishing .gz files
Stop publishing ".gz" files, but preserve the code to do it. Allow
a database to be considered valid whether or not the ".gz" files are
present.

Change-Id: I3d3ee65d042d326862028ea0536ac5fee9239ab1
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/474117
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-07 20:00:30 +00:00
Tatiana Bradley 0cf88c44c4 deploy: use GCS automatic gzip functionality
Use GCS's auto-gzip functionality in deploy step. This allows
all the JSON files to be stored in compressed form but only sent
compressed to clients that request it.

This paves the way to remove the ".gz" database files.

Change-Id: Ibe69d2c75cef20aa315031dbb69952e9c2c06189
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/474116
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-07 19:08:16 +00:00
Tatiana Bradley bcd4554fa9 deploy: rename index to index.html
In all future deploys, deploy index.html file as "index.html" instead of
"index", to avoid a naming conflict with the new "index/" folder.

Instructions in README are also updated accordingly.

Change-Id: I9f9e5bb994cb53afe0945459acbbe753234ed3a9
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/473755
Reviewed-by: Julie Qiu <julieqiu@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-03-06 19:27:34 +00:00
Tatiana Bradley 5e1ee0b95f internal/database: add full validation for old db in Validate
Change RawLoad to Load in v1 Validate so that the existing database
is validated against the v1 spec before deploy. This was previously
"RawLoad" because on first deploy the existing database was not a valid
v1 database.

For golang/go#58816

Change-Id: I45728266ae0b59b6fd486d196a2a91a712aaf12e
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/473195
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-03-06 17:52:39 +00:00
Tatiana Bradley 4251dc7165 deploy: deploy v1 database
For golang/go#58816

Change-Id: I1fc2d9141f8ca09e7ebb4e6bd6f67cfd95b86911
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472885
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2023-03-06 16:24:55 +00:00
Zvonimir Pavlinovic 65aa575d77 data/excluded: batch add GO-2023-1607
Fixes golang/vulndb#1607

Change-Id: I165bffecab5663129cf24ba3a94d4161464003bb
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/473376
Auto-Submit: Zvonimir Pavlinovic <zpavlinovic@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-06 16:20:18 +00:00
Zvonimir Pavlinovic 85077f6132 data/excluded: batch add GO-2023-1605
Fixes golang/vulndb#1605

Change-Id: I2796136dd02282b73bfef4ee5855d7f95b069013
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/473355
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
2023-03-03 22:40:25 +00:00
Tatiana Bradley 8d15d3987a cmd, deploy: generate and validate v1 database in deploy script
Generate and validate, but don't actually deploy, the v1 database
in the deploy script. Once we have confidence that this works, we
can deploy the v1 database.

For golang/go#58816

Change-Id: I69340c76d2514b11ed3d1937b604478903706afc
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472884
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-03 20:30:54 +00:00
Tatiana Bradley cd2abd13bb internal/database/legacydb: ignore v1 files when validating legacy db
Ignore ".gz" and "index/" files (from the v1 spec) when loading a legacy
db. This will allow a database containing both the legacy and v1 index
files to be considered a valid legacy db in pre-deploy checks.

For golang/go#58816

Change-Id: I1d96bd0fbfba3ed6e2062ed904e48a4dbcee7217
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472883
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-03-03 19:15:35 +00:00
Tatiana Bradley 5cd5d80432 internal/database/legacydb: add function to check if a v1 and legacy db are the same
Adds a function, Equivalent, which checks if a database in the legacy
format is the same as a database in the v1 format. This will be
used as a pre-deploy check.

For golang/go#58816

Change-Id: I936111882837fc461d2c2819133ac43f5639ab44
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472882
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-03-03 19:15:09 +00:00
Tatiana Bradley 4acd746bad internal/database: add FromRepo for v1 database
Adds a function FromRepo that can generate a v1 database from a git
repo (e.g., vulndb) containing OSV files. Also adds end-to-end tests
for all database functionality.

For golang/go#58816

Change-Id: Ice021f558c953039ba420e1ce613ea8e213243dc
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472881
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-03-03 19:14:50 +00:00
Tatiana Bradley 26dafb8702 internal/database: add Validate for v1 databases
Adds functionality to validate that a v1 database is safe to deploy.

For golang/go#58816

Change-Id: I18400553b872afc026daf294e0c9b5c0d3333d98
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472880
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-03-03 19:14:39 +00:00
Tatiana Bradley ecc16e09e8 internal/database: add Load and Write for v1 databases
Adds functionality to read and write v1 vuln databases to/from
local directories.

For golang/go#58816

Change-Id: Ib522d5917f1f2c037e88aad3ee86f9c525c9c978
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472879
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-03-03 19:14:26 +00:00
Tatiana Bradley ab9aa3a217 internal/database: add New function, which creates v1 databases
Adds a function, New, which creates a database in the v1 schema from
OSV entries.

For golang/go#58816

Change-Id: I7513419bc151c69ed4a8b48d78b817d50a6d7b90
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472878
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-03-03 18:46:50 +00:00
Zvonimir Pavlinovic af2e0f8da3 data/excluded: batch add GO-2023-1604, GO-2023-1603
Fixes golang/vulndb#1604
Fixes golang/vulndb#1603

Change-Id: I257e375ac91a6ee11568570be2f2754e7390f7d8
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/473056
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-03-03 18:21:11 +00:00
Tatiana Bradley bf869dde20 internal/database: add representation of v1 database schema
Adds a struct, Database, which represents a Go vulnerability database
in the v1 schema. Also adds test data (which will be used by functions
in later CLs), and tests for marshaling and unmarshaling this struct.

For golang/go#58816

Change-Id: Iea453227008cf68a9f43889b10fedd56953ba3f3
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472877
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
2023-03-03 17:18:40 +00:00
Zvonimir Pavlinovic 7ff99c73f8 data/reports: add GO-2023-1602.yaml
Aliases: CVE-2023-26483, GHSA-6gc3-crp7-25w5

Fixes golang/vulndb#1602

Change-Id: I30cbaf0cbe110435a4ce49d36bc32bf89db1688b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/473057
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-03-03 17:17:54 +00:00
Zvonimir Pavlinovic 0310a8784e data/reports: add GO-2023-1600.yaml
Aliases: CVE-2023-26047, GHSA-p2pf-g8cq-3gq5

Fixes golang/vulndb#1600

Change-Id: I0d3fa1f1ee4eed4f4ccd9515afd53b37545bbc06
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472735
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-03-02 00:34:41 +00:00
Zvonimir Pavlinovic 4077696fe1 data/reports: add GO-2023-1597.yaml
Aliases: CVE-2023-26046, GHSA-9f95-hhg4-pg4f

Updates golang/vulndb#1597

Change-Id: I59524a5160e7d68d0e65fbaa5527f4ba4eaf144d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472716
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-03-02 00:34:19 +00:00
Zvonimir Pavlinovic 67f6bce3f9 data/excluded: batch add GO-2023-1599, GO-2023-1598
Fixes golang/vulndb#1599
Fixes golang/vulndb#1598

Change-Id: I44ea778bd9fab9a92af82c50973539d3b29be8b7
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472715
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
2023-03-01 23:38:42 +00:00
Damien Neil 11c9bd8b0e data/reports: add GO-2023-1595.yaml
Aliases: CVE-2023-24533

Updates golang/vulndb#1595

Change-Id: I37356016a3a6a99686877dfea6232744aa03c808
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/471795
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-28 22:54:56 +00:00
Zvonimir Pavlinovic d042e1e0c6 data/excluded: batch add GO-2023-1596
Fixes golang/vulndb#1596

Change-Id: Ic25686dc797b9bfee73dbfe05e399d0025267f74
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/472335
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-02-28 22:28:54 +00:00
Damien Neil 079d1b3be9 data/excluded: batch add excluded reports
Fixes golang/vulndb#1593
Fixes golang/vulndb#1591
Fixes golang/vulndb#1590
Fixes golang/vulndb#1582
Fixes golang/vulndb#1581
Fixes golang/vulndb#1594
Fixes golang/vulndb#1587
Fixes golang/vulndb#1586
Fixes golang/vulndb#1585
Fixes golang/vulndb#1584
Fixes golang/vulndb#1592
Fixes golang/vulndb#1583

Change-Id: Iaa24fd756a07ae88d6a8e4b97be0a6b31247c6ed
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/471796
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
2023-02-28 22:00:36 +00:00
Tatiana Bradley a8b10a0e19 data/reports: add additional affected module to GO-2022-0463, GO-2022-0572, GO-2022-0569
Adds "github.com/astaxie/beego", which is also affected by these
vulnerabilities.

Thanks to Ludovic Lang @ ControlPlane for reporting.

Change-Id: I008aac19dc5373d742b2a0c4fadd55319e026e3f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/471777
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-28 17:16:51 +00:00
Tatiana Bradley 9d26215ff0 internal/database: move legacy database code to package legacydb
Adds a new package "legacydb" to contain all code related to generating
and validating the Go vulnerability database according to the legacy
schema, which will be replaced soon.

This will make it easier to delete this code once it is no
longer needed.

Change-Id: Iaf57213fd720d8d9293c018b1f302928dd239bf8
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/471215
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-27 16:26:22 +00:00
Damien Neil 5e75194a27 data/reports: add GHSAs for GO-2023-1571, GO-2023-1572
For golang/vulndb#1571
For golang/vulndb#1572

Change-Id: I5400ea718f2a173361c5c8cbd91d32862d16644f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/470375
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
2023-02-22 20:13:12 +00:00
Tatiana Bradley 8cb59f0eba data/reports: add GO-2023-1569.yaml
Aliases: CVE-2022-41725

Updates golang/vulndb#1569

Change-Id: I83b52241f0bbe8f5f247284bd6e6b03dd6edb133
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468898
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-21 20:44:30 +00:00
Tim King 413c36fb40 all: pull the most recent version of vuln
Change-Id: I866e9c55973f7a2a921a0cc762a593dbbb16b29d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/469101
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Tim King <taking@google.com>
Run-TryBot: Tim King <taking@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
2023-02-17 21:16:36 +00:00
Tim King 15cb3c90a6 data/reports: add GO-2023-1578.yaml
Aliases: CVE-2023-0475, GHSA-jpxj-2jvg-6jv9

Fixes golang/vulndb#1578

Change-Id: I9bd8aee8936a9c166f3e6eb85613eb29954bc7ea
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/469100
Run-TryBot: Tim King <taking@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
Auto-Submit: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-17 21:16:15 +00:00
Tim King 4aae72da45 data/reports: add GO-2023-1574.yaml
Aliases: CVE-2023-25173, GHSA-hmfx-3pcx-653p

Fixes golang/vulndb#1574

Change-Id: Ia0fe55d91d704974b9df0da6aaf5be72d9528b2a
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/469099
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-02-17 20:52:58 +00:00
Tim King ece9a054ca data/reports: add GO-2023-1573.yaml
Aliases: CVE-2023-25153, GHSA-259w-8hf6-59c2

Fixes golang/vulndb#1573

Change-Id: I89f90695dd813ea446fb2ed6e521edb4075173ab
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468995
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-17 19:16:59 +00:00
Tim King 2d838f9120 data/excluded: batch add GO-2023-1577, GO-2023-1560
Fixes golang/vulndb#1577
Fixes golang/vulndb#1560

Change-Id: Ibf3f6ce099450132308f668172d1cc61a44f5932
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468975
Auto-Submit: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tim King <taking@google.com>
2023-02-17 00:27:58 +00:00
Tatiana Bradley bbfff9b945 data/reports: add GO-2023-1571.yaml
Aliases: CVE-2022-41723

Updates golang/vulndb#1571

Change-Id: Iec81cb886f5e67d37f5b484f59e257431bde4690
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468900
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
2023-02-16 22:31:36 +00:00
Tatiana Bradley ba363690f1 data/reports: add GO-2023-1572.yaml
Aliases: CVE-2022-41727

Updates golang/vulndb#1572

Change-Id: I5feb10dc0c30c225ce161c21ee6a3c86bbab665e
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468901
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-02-16 22:25:24 +00:00
Tatiana Bradley b7ef72b1f2 data/reports: add GO-2023-1570.yaml
Aliases: CVE-2022-41724

Updates golang/vulndb#1570

Change-Id: I0efdb318fe432ec425e7d018228ebba8c23429b2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468899
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-16 22:24:51 +00:00
Tatiana Bradley 67a475b3fe data/reports: add GO-2023-1549.yaml
Aliases: CVE-2023-0229, GHSA-5465-xc2j-6p84

Fixes golang/vulndb#1549

Change-Id: I02fb373c8f0367274d6e6995d62d47518da24ca7
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468896
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-02-16 21:56:10 +00:00
Tatiana Bradley dc6d92fa4c data/reports: add GO-2023-1568.yaml
Aliases: CVE-2022-41722

Updates golang/vulndb#1568

Change-Id: Icd6550b10b66ff6fa223c1aad0f7ec33378f89b2
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468555
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
2023-02-16 19:49:19 +00:00
Tatiana Bradley 6b5bc57fc4 cmd/vulnreport, internal/report: fix handling of stdlib
Fixes two issues with vulnreport's handling of reports in
the standard library:
- No longer overwrites package name with "std"
- No longer populates "cves" field if cve_metadata is present
  (cve_metadata indicates we assigned the CVE)

Change-Id: I75892fe2464d54fb9e3e6d077518e5e602103c1b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468895
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-16 19:02:24 +00:00
Tim King 82fb89b398 data/reports: add GO-2023-1567.yaml
Aliases: GHSA-qpm3-vr34-h8w8

Fixes golang/vulndb#1567

Change-Id: Ic5c65e969a95e9dbf62a278b9fbe749649c33a8d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468696
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tim King <taking@google.com>
2023-02-16 18:37:09 +00:00
Tim King 94a19175cb data/excluded: batch add GO-2023-1565, GO-2023-1564, GO-2023-1563, GO-2023-1562
Fixes golang/vulndb#1565
Fixes golang/vulndb#1564
Fixes golang/vulndb#1563
Fixes golang/vulndb#1562

Change-Id: I9506decbd7be76979471ef2b2dc3a078f90ca105
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468595
Run-TryBot: Tim King <taking@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-16 18:29:04 +00:00
Tim King 78419f21ce data/reports: add GO-2023-1566.yaml
Aliases: CVE-2022-25978, GHSA-9w8x-5hv5-r6gw

Fixes golang/vulndb#1566

Change-Id: Ic830c62f8b06c3637a642af94d50ec50c2347ad7
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468637
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
2023-02-15 23:55:24 +00:00
Tatiana Bradley a72c845b48 data/reports: add GO-2023-1548.yaml
Aliases: CVE-2023-25163, GHSA-mv6w-j4xc-qpfw

Fixes golang/vulndb#1548

Change-Id: If5f4bbf6af4926b0e531d3198e05918d02050dac
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468316
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Tim King <taking@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
2023-02-15 16:43:39 +00:00
Maceo Thompson 48f52afeb1 data/reports: add GO-2023-1559.yaml
Aliases: CVE-2023-23631, GHSA-4gj3-6r43-3wfc

Fixes golang/vulndb#1559

Change-Id: I99c6b535dd0e90b80ec32060215abe064faa5e99
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/468177
Run-TryBot: Maceo Thompson <maceothompson@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
2023-02-14 19:41:30 +00:00