all: switch to the new shared vuln schema
Change-Id: Ibbbf153cc8078884bf9ac5a3a8b01a75894abb17
Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1055915
Reviewed-by: Roland Shoemaker <bracewell@google.com>
diff --git a/client/client.go b/client/client.go
index 69a6570..244d0d3 100644
--- a/client/client.go
+++ b/client/client.go
@@ -141,7 +141,7 @@
} else if len(cached) != 0 {
var stale bool
for _, c := range cached {
- if c.LastModified.Before(lastModified) {
+ if c.Modified.Before(lastModified) {
stale = true
break
}
diff --git a/client/client_test.go b/client/client_test.go
index b256bdf..eef1e3a 100644
--- a/client/client_test.go
+++ b/client/client_test.go
@@ -54,9 +54,9 @@
return func() Cache {
c := &fsCache{}
e := &osv.Entry{
- ID: "ID2",
- Summary: "cached",
- LastModified: time.Now(),
+ ID: "ID2",
+ Details: "cached",
+ Modified: time.Now(),
}
c.WriteEntries(dbName, "golang.org/example/two", []*osv.Entry{e})
return c
@@ -138,8 +138,8 @@
}
for _, v := range vulns {
- if s, ok := test.summaries[v.ID]; !ok || v.Summary != s {
- t.Errorf("want '%s' summary for vuln with id %v in %s; got '%s'", s, v.ID, test.name, v.Summary)
+ if s, ok := test.summaries[v.ID]; !ok || v.Details != s {
+ t.Errorf("want '%s' summary for vuln with id %v in %s; got '%s'", s, v.ID, test.name, v.Details)
}
}
}
diff --git a/cmd/gendb/main.go b/cmd/gendb/main.go
index 17bddf2..5c02064 100644
--- a/cmd/gendb/main.go
+++ b/cmd/gendb/main.go
@@ -91,8 +91,8 @@
fail(fmt.Sprintf("failed to write %q: %s", outPath+".json", err))
}
for _, v := range vulns {
- if v.LastModified.After(index[path]) {
- index[path] = v.LastModified
+ if v.Modified.After(index[path]) {
+ index[path] = v.Modified
}
}
}
diff --git a/osv/json.go b/osv/json.go
index f0179ce..d5ea472 100644
--- a/osv/json.go
+++ b/osv/json.go
@@ -18,28 +18,10 @@
// vulndb implementatiion detail.
type DBIndex map[string]time.Time
-type Severity int
+type AffectsRangeType int
const (
- SevNone Severity = iota
- SevLow
- SevMedium
- SevHigh
- SevCritical
-)
-
-var strToSev = map[string]Severity{
- // "": SevNone,
- "low": SevLow,
- "medium": SevMedium,
- "high": SevHigh,
- "critical": SevCritical,
-}
-
-type Type int
-
-const (
- TypeUnspecified Type = iota
+ TypeUnspecified AffectsRangeType = iota
TypeGit
TypeSemver
)
@@ -54,7 +36,7 @@
}
type AffectsRange struct {
- Type Type
+ Type AffectsRangeType
Introduced string
Fixed string
}
@@ -113,19 +95,26 @@
URL string
}
+type Reference struct {
+ Type string
+ URL string
+}
+
// Entry represents a OSV style JSON vulnerability database
// entry
type Entry struct {
- ID string
- Package Package
- Summary string
- Details string
- Severity Severity
- Affects Affects
- ReferenceURLs []string `json:"reference_urls,omitempty"`
- Aliases []string `json:",omitempty"`
- EcosystemSpecific GoSpecific `json:"ecosystem_specific,omitempty"`
- LastModified time.Time `json:"last_modified"`
+ ID string
+ Published time.Time
+ Modified time.Time
+ Withdrawn *time.Time
+ Aliases []string `json:",omitempty"`
+ Package Package
+ Details string
+ Affects Affects
+ References []Reference `json:",omitempty"`
+ Extra struct {
+ Go GoSpecific
+ }
}
func Generate(id string, url string, r report.Report) []Entry {
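Review bot: `Withdrawn *time.Time` in the new `Entry` struct has no `omitempty`, so unless a custom marshaller exists outside this hunk, encoding/json will emit `"Withdrawn": null` for every entry that has not been withdrawn. A consumer that tests for the key's presence rather than its value could read a live advisory as withdrawn. Tagging the field with `json:",omitempty"`, as `Aliases` and `References` already are, avoids that. The new exported `Reference` type also lacks a doc comment; something like `// Reference is a typed link (code review, fix, misc) attached to an Entry.` would record the values that Generate writes into `Type`.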
@@ -133,39 +122,39 @@
if r.Package != "" {
importPath = r.Package
}
+ lastModified := r.Published
+ if r.LastModified != nil {
+ lastModified = *r.LastModified
+ }
entry := Entry{
- ID: id,
+ ID: id,
+ Published: r.Published,
+ Modified: lastModified,
+ Withdrawn: r.Withdrawn,
Package: Package{
Name: importPath,
Ecosystem: GoEcosystem,
},
- Summary: "", // TODO: think if we want to populate this in reports
- Details: r.Description,
- Affects: generateAffects(r.Versions),
- LastModified: time.Now(),
- EcosystemSpecific: GoSpecific{
- Symbols: r.Symbols,
- GOOS: r.OS,
- GOARCH: r.Arch,
- URL: url,
+ Details: r.Description,
+ Affects: generateAffects(r.Versions),
+ Extra: struct{ Go GoSpecific }{
+ Go: GoSpecific{
+ Symbols: r.Symbols,
+ GOOS: r.OS,
+ GOARCH: r.Arch,
+ URL: url,
+ },
},
}
- if r.Severity != "" {
- entry.Severity = strToSev[r.Severity]
- } else {
- // Default to medium or none?
- entry.Severity = SevMedium
- }
-
if r.Links.PR != "" {
- entry.ReferenceURLs = append(entry.ReferenceURLs, r.Links.PR)
+ entry.References = append(entry.References, Reference{Type: "code review", URL: r.Links.PR})
}
if r.Links.Commit != "" {
- entry.ReferenceURLs = append(entry.ReferenceURLs, r.Links.Commit)
+ entry.References = append(entry.References, Reference{Type: "fix", URL: r.Links.Commit})
}
- if r.Links.Context != nil {
- entry.ReferenceURLs = append(entry.ReferenceURLs, r.Links.Context...)
+ for _, link := range r.Links.Context {
+ entry.References = append(entry.References, Reference{Type: "misc", URL: link})
}
if r.CVE != "" {
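Review bot: `Modified` now falls back to `r.Published` when `last_modified` is absent, where the old code stamped `time.Now()` on every generation, so an edited report whose author does not bump `last_modified` yields an entry with an unchanged timestamp. The gendb hunk builds the index from `v.Modified`, and the client hunk treats a cached entry as stale only when `c.Modified.Before(lastModified)`, so such an edit (a corrected fixed version, say) would presumably never reach clients that already cached the entry. Nothing in the Lint hunks enforces the bump. At minimum add a comment here such as `// Modified drives client cache invalidation: every edit to a report must update last_modified.`, and consider a CI check that rejects a changed report whose `last_modified` is unchanged. Generate's body continues past this hunk.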
@@ -174,7 +163,7 @@
entries := []Entry{entry}
- // It would be better if this was just a recursive thing probably
+ // It would be better if this was just a recursive thing maybe?
for _, additional := range r.AdditionalPackages {
entryCopy := entry
additionalImportPath := additional.Module
@@ -182,7 +171,7 @@
additionalImportPath = additional.Package
}
entryCopy.Package.Name = additionalImportPath
- entryCopy.EcosystemSpecific.Symbols = additional.Symbols
+ entryCopy.Extra.Go.Symbols = additional.Symbols
entryCopy.Affects = generateAffects(additional.Versions)
entries = append(entries, entryCopy)
diff --git a/osv/json_test.go b/osv/json_test.go
index 7af05f9..545c8df 100644
--- a/osv/json_test.go
+++ b/osv/json_test.go
@@ -38,7 +38,6 @@
{Introduced: "v2.5.0"},
},
Description: "It's a real bad one, I'll tell you that",
- Severity: "medium",
CVE: "CVE-0000-0000",
Credit: "ignored",
Symbols: []string{"A", "B.b"},
@@ -62,8 +61,7 @@
Name: "example.com/vulnerable/v2",
Ecosystem: "go",
},
- Details: "It's a real bad one, I'll tell you that",
- Severity: 2,
+ Details: "It's a real bad one, I'll tell you that",
Affects: Affects{
Ranges: []AffectsRange{
{
@@ -81,18 +79,20 @@
},
},
},
- ReferenceURLs: []string{
- "pr",
- "commit",
- "issue-a",
- "issue-b",
+ References: []Reference{
+ Reference{Type: "code review", URL: "pr"},
+ Reference{Type: "fix", URL: "commit"},
+ Reference{Type: "misc", URL: "issue-a"},
+ Reference{Type: "misc", URL: "issue-b"},
},
Aliases: []string{"CVE-0000-0000"},
- EcosystemSpecific: GoSpecific{
- Symbols: []string{"A", "B.b"},
- GOOS: []string{"windows"},
- GOARCH: []string{"arm64"},
- URL: "https://vulns.golang.org/GO-1991-0001.html",
+ Extra: struct{ Go GoSpecific }{
+ Go: GoSpecific{
+ Symbols: []string{"A", "B.b"},
+ GOOS: []string{"windows"},
+ GOARCH: []string{"arm64"},
+ URL: "https://vulns.golang.org/GO-1991-0001.html",
+ },
},
},
{
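Review bot: No hunk in this file adds `Published`, `Modified` or `Withdrawn` to the expected entries, so the new timestamp logic in Generate (the `r.Published` fallback and the `*r.LastModified` override) is not exercised by this test. Setting `Published` and `LastModified` on the input report and asserting `Modified` on both expected entries would pin it, ideally with a second case that leaves `LastModified` nil. As a style point, the element type is redundant in `Reference{Type: "fix", URL: "commit"}` inside a `[]Reference{...}` literal; `gofmt -s` reduces each element to `{Type: "fix", URL: "commit"}`, here and in the hunk at -121,18. The enclosing test function starts and ends outside the hunk.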
@@ -102,8 +102,7 @@
Name: "vanity.host/vulnerable/package",
Ecosystem: "go",
},
- Details: "It's a real bad one, I'll tell you that",
- Severity: 2,
+ Details: "It's a real bad one, I'll tell you that",
Affects: Affects{
Ranges: []AffectsRange{
{
@@ -121,18 +120,20 @@
},
},
},
- ReferenceURLs: []string{
- "pr",
- "commit",
- "issue-a",
- "issue-b",
+ References: []Reference{
+ Reference{Type: "code review", URL: "pr"},
+ Reference{Type: "fix", URL: "commit"},
+ Reference{Type: "misc", URL: "issue-a"},
+ Reference{Type: "misc", URL: "issue-b"},
},
Aliases: []string{"CVE-0000-0000"},
- EcosystemSpecific: GoSpecific{
- Symbols: []string{"b", "A.b"},
- GOOS: []string{"windows"},
- GOARCH: []string{"arm64"},
- URL: "https://vulns.golang.org/GO-1991-0001.html",
+ Extra: struct{ Go GoSpecific }{
+ Go: GoSpecific{
+ Symbols: []string{"b", "A.b"},
+ GOOS: []string{"windows"},
+ GOARCH: []string{"arm64"},
+ URL: "https://vulns.golang.org/GO-1991-0001.html",
+ },
},
},
}
diff --git a/report/lint.go b/report/lint.go
index b03981a..7467e97 100644
--- a/report/lint.go
+++ b/report/lint.go
@@ -126,6 +126,11 @@
var cveRegex = regexp.MustCompile(`^CVE-\d{4}-\d{4,}$`)
+// Lint checks the content of a Report.
+// TODO: instead of returning a single error we may want to return a slice, so that
+// we aren't fixing one thing at a time. Similarly it might make sense to include
+// warnings or informational things alongside errors, especially during for use
+// during the triage process.
func (vuln *Report) Lint() error {
var importPath string
if !vuln.Stdlib {
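Review bot: The last sentence of the new doc comment on `Lint` is garbled ("especially during for use during the triage process"). It presumably should read `// warnings or informational things alongside errors, especially for use during` followed by `// the triage process.`. Since the comment promises that Lint "checks the content of a Report", it could also say that the first failing check wins, which is what the visible early returns do.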
@@ -184,17 +189,12 @@
return errors.New("missing description")
}
- sevs := map[string]bool{
- "low": true,
- "medium": true,
- "high": true,
- "critical": true,
+ if vuln.Published.IsZero() {
+ return errors.New("missing published")
}
- // Could also just default to medium if not provided?
- // Need to document what the default case is and what factors lower
- // or raise the sev
- if vuln.Severity != "" && !sevs[vuln.Severity] {
- return fmt.Errorf("unknown severity %q", vuln.Severity)
+
+ if vuln.LastModified != nil && vuln.LastModified.Before(vuln.Published) {
+ return errors.New("last_modified is before published")
}
if vuln.CVE != "" && vuln.CVEMetadata != nil && vuln.CVEMetadata.ID != "" {
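Review bot: The new timestamp checks cover `published` and `last_modified` but not the `Withdrawn` field this commit adds to Report, so a withdrawal time earlier than publication passes lint and is copied into the entry by Generate. A matching guard would be `if vuln.Withdrawn != nil && vuln.Withdrawn.Before(vuln.Published) { return errors.New("withdrawn is before published") }`. None of the three timestamps is compared with the current time either; because `Modified` feeds the index that clients check their cache against, a far-future `last_modified` seems worth rejecting as well. Lint's body starts and ends outside this hunk.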
@@ -203,7 +203,16 @@
}
if vuln.CVE != "" && !cveRegex.MatchString(vuln.CVE) {
- return fmt.Errorf("malformed CVE number: %s", vuln.CVE)
+ return fmt.Errorf("malformed cve: %s", vuln.CVE)
+ }
+
+ if vuln.CVEMetadata != nil {
+ if vuln.CVEMetadata.ID == "" {
+ return errors.New("cve_metadata.id is required")
+ }
+ if !cveRegex.MatchString(vuln.CVEMetadata.ID) {
+ return fmt.Errorf("malformed cve_metadata.id: %s", vuln.CVEMetadata.ID)
+ }
}
return nil
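Review bot: Both `malformed` errors format the rejected value with `%s`, so an ID carrying trailing whitespace or an embedded newline is printed in a way that hides what made it fail `cveRegex`. `%q` shows the value unambiguously, as the removed severity error did: `return fmt.Errorf("malformed cve_metadata.id: %q", vuln.CVEMetadata.ID)`, and likewise for `vuln.CVE`. Separately, the report hunks replace `CVE-XXXX-NNNN` with `CVE-9999-NNNN`, which this regex accepts, so lint cannot tell those placeholders from assigned IDs; a comment next to `cveRegex` recording that convention would help. Lint's body starts outside this hunk.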
diff --git a/report/report.go b/report/report.go
index 0609a1f..e8217fd 100644
--- a/report/report.go
+++ b/report/report.go
@@ -35,8 +35,8 @@
Versions []VersionRange
Description string
Published time.Time
- LastModified time.Time `toml:"last_modified"`
- Severity string
+ LastModified *time.Time `toml:"last_modified"`
+ Withdrawn *time.Time
CVE string
Credit string
Symbols []string
diff --git a/reports/GO-2020-0001.toml b/reports/GO-2020-0001.toml
index 5b79643..a8a692a 100644
--- a/reports/GO-2020-0001.toml
+++ b/reports/GO-2020-0001.toml
@@ -12,6 +12,8 @@
# Test symbol inclusion by making a gin handler without Default or Logger.
symbols = ["defaultLogFormatter"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
# v1.5.1 doesn't exist? not sure how `go mod` is picking this pseudoversion
fixed = "v1.6.0"
@@ -21,7 +23,7 @@
commit = "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d"
[cve_metadata]
-id = "CVE-XXXX-0001"
+id = "CVE-9999-0001"
description = """
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0
allows remote attackers to inject arbitary log lines.
diff --git a/reports/GO-2020-0002.toml b/reports/GO-2020-0002.toml
index 645013e..2742265 100644
--- a/reports/GO-2020-0002.toml
+++ b/reports/GO-2020-0002.toml
@@ -10,6 +10,8 @@
credit = "Ulrich Obergfell <uobergfe@redhat.com>"
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.1.1"
diff --git a/reports/GO-2020-0003.toml b/reports/GO-2020-0003.toml
index ac8f71a..c60d881 100644
--- a/reports/GO-2020-0003.toml
+++ b/reports/GO-2020-0003.toml
@@ -9,6 +9,8 @@
credit = "@SYM01"
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.0.0"
@@ -18,7 +20,7 @@
context = ["https://github.com/revel/revel/issues/1424"]
[cve_metadata]
-id = "CVE-XXXX-0002"
+id = "CVE-9999-0002"
description = """
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0
allows remote attackers to cause resource exhaustion via memory allocation.
diff --git a/reports/GO-2020-0004.toml b/reports/GO-2020-0004.toml
index 09d38e3..34f0509 100644
--- a/reports/GO-2020-0004.toml
+++ b/reports/GO-2020-0004.toml
@@ -13,6 +13,8 @@
symbols = ["Auth.ServerHTTP", "Auth.ListenAndServeTLS", "Auth.ListenAndServe"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
introduced = "v0.0.0-20160722212129-ac0cc4484ad4"
fixed = "v0.0.0-20200131131040-063a3fb69896"
@@ -22,7 +24,7 @@
commit = "https://github.com/nanobox-io/golang-nanoauth/commit/063a3fb69896acf985759f0fe3851f15973993f3"
[cve_metadata]
-id = "CVE-XXXX-0003"
+id = "CVE-9999-0003"
description = """
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between
v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe
diff --git a/reports/GO-2020-0005.toml b/reports/GO-2020-0005.toml
index 9440649..3500b5a 100644
--- a/reports/GO-2020-0005.toml
+++ b/reports/GO-2020-0005.toml
@@ -13,6 +13,8 @@
symbols = ["WAL.ReadAll", "decoder.decodeRecord"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.5.0-alpha.5.0.20200423152442-f4b650b51dc4"
diff --git a/reports/GO-2020-0006.toml b/reports/GO-2020-0006.toml
index 0d8c3a9..033c873 100644
--- a/reports/GO-2020-0006.toml
+++ b/reports/GO-2020-0006.toml
@@ -12,6 +12,8 @@
symbols = ["Server.serveTCP"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.0.4-0.20180125103619-43913f2f4fbd"
diff --git a/reports/GO-2020-0007.toml b/reports/GO-2020-0007.toml
index 6ea9ec4..c512cfe 100644
--- a/reports/GO-2020-0007.toml
+++ b/reports/GO-2020-0007.toml
@@ -14,6 +14,8 @@
symbols = ["ScmpFilter.addRuleGeneric"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.9.1-0.20170424173420-06e7a29f36a3"
diff --git a/reports/GO-2020-0008.toml b/reports/GO-2020-0008.toml
index 2c9c0e0..2af3801 100644
--- a/reports/GO-2020-0008.toml
+++ b/reports/GO-2020-0008.toml
@@ -10,6 +10,8 @@
symbols = ["id"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.1.25-0.20191211073109-8ebf2e419df7"
diff --git a/reports/GO-2020-0009.toml b/reports/GO-2020-0009.toml
index 6d82d8c..1134475 100644
--- a/reports/GO-2020-0009.toml
+++ b/reports/GO-2020-0009.toml
@@ -29,6 +29,8 @@
symbols = ["cbcAEAD.computeAuthTag"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20160903044734-789a4c4bd4c1"
diff --git a/reports/GO-2020-0010.toml b/reports/GO-2020-0010.toml
index 8ffc970..176957c 100644
--- a/reports/GO-2020-0010.toml
+++ b/reports/GO-2020-0010.toml
@@ -13,6 +13,8 @@
symbols = ["DeriveECDHES", "ecDecrypterSigner.decryptKey", "rawJsonWebKey.ecPublicKey"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20160831185616-c7581939a365"
diff --git a/reports/GO-2020-0011.toml b/reports/GO-2020-0011.toml
index 8638953..ccfc9bf 100644
--- a/reports/GO-2020-0011.toml
+++ b/reports/GO-2020-0011.toml
@@ -14,6 +14,8 @@
symbols = ["JsonWebEncryption.Decrypt", "JsonWebSignature.Verify"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20160922232413-2c5656adca99"
diff --git a/reports/GO-2020-0012.toml b/reports/GO-2020-0012.toml
index 49c706f..bca86d3 100644
--- a/reports/GO-2020-0012.toml
+++ b/reports/GO-2020-0012.toml
@@ -13,6 +13,8 @@
symbols = ["parseED25519", "ed25519PublicKey.Verify", "parseSKEd25519", "skEd25519PublicKey.Verify", "NewPublicKey"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20200220183623-bac4c82f6975"
diff --git a/reports/GO-2020-0013.toml b/reports/GO-2020-0013.toml
index b3741d4..33abc6b 100644
--- a/reports/GO-2020-0013.toml
+++ b/reports/GO-2020-0013.toml
@@ -13,6 +13,8 @@
symbols = ["NewClientConn"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20170330155735-e4e2799dd7aa"
diff --git a/reports/GO-2020-0014.toml b/reports/GO-2020-0014.toml
index 89f4c78..2d96722 100644
--- a/reports/GO-2020-0014.toml
+++ b/reports/GO-2020-0014.toml
@@ -11,6 +11,8 @@
symbols = ["inSelectIM", "inSelectInTableIM"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20190125091013-d26f9f9a57f3"
diff --git a/reports/GO-2020-0015.toml b/reports/GO-2020-0015.toml
index bf0170e..d630e56 100644
--- a/reports/GO-2020-0015.toml
+++ b/reports/GO-2020-0015.toml
@@ -16,6 +16,8 @@
symbols = ["utf16Decoder.Transform"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.3.3"
diff --git a/reports/GO-2020-0016.toml b/reports/GO-2020-0016.toml
index 177c9ef..4fd51b6 100644
--- a/reports/GO-2020-0016.toml
+++ b/reports/GO-2020-0016.toml
@@ -9,6 +9,8 @@
symbols = ["readUvarint"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.5.8"
@@ -20,7 +22,7 @@
]
[cve_metadata]
-id = "CVE-XXXX-0004"
+id = "CVE-9999-0004"
description = """
Integer overflow in github.com/ulikunitz/xz before v0.5.8 allows attackers
to cause denial of service via maliciously crafted input.
diff --git a/reports/GO-2020-0017.toml b/reports/GO-2020-0017.toml
index 9010066..2e91a82 100644
--- a/reports/GO-2020-0017.toml
+++ b/reports/GO-2020-0017.toml
@@ -13,6 +13,8 @@
symbols = ["MapClaims.VerifyAudience"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
introduced = "v0.0.0-20150717181359-44718f8a89b0"
diff --git a/reports/GO-2020-0018.toml b/reports/GO-2020-0018.toml
index 510d8d5..7c0431b 100644
--- a/reports/GO-2020-0018.toml
+++ b/reports/GO-2020-0018.toml
@@ -11,6 +11,8 @@
symbols = ["NewV4", "rfc4122Generator.getClockSequence", "rfc4122Generator.getHardwareAddr"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.2.1-0.20181016170032-d91630c85102"
diff --git a/reports/GO-2020-0019.toml b/reports/GO-2020-0019.toml
index bf92f87..a72c7ee 100644
--- a/reports/GO-2020-0019.toml
+++ b/reports/GO-2020-0019.toml
@@ -13,6 +13,8 @@
symbols = ["Conn.advanceFrame", "messageReader.Read"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.4.1"
diff --git a/reports/GO-2020-0020.toml b/reports/GO-2020-0020.toml
index eac3e21..399ec85 100644
--- a/reports/GO-2020-0020.toml
+++ b/reports/GO-2020-0020.toml
@@ -10,6 +10,8 @@
symbols = ["cors.ServeHTTP"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.3.0"
@@ -18,7 +20,7 @@
commit = "https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145"
[cve_metadata]
-id = "CVE-XXXX-0005"
+id = "CVE-9999-0005"
description = """
"""
diff --git a/reports/GO-2020-0021.toml b/reports/GO-2020-0021.toml
index e6c148b..604b952 100644
--- a/reports/GO-2020-0021.toml
+++ b/reports/GO-2020-0021.toml
@@ -11,6 +11,8 @@
symbols = ["GetIssues", "SearchRepositoryByName", "SearchUserByName"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.5.8"
diff --git a/reports/GO-2020-0022.toml b/reports/GO-2020-0022.toml
index ea5fa71..e05889c 100644
--- a/reports/GO-2020-0022.toml
+++ b/reports/GO-2020-0022.toml
@@ -10,6 +10,8 @@
symbols = ["Uncompress"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20140711154735-199f5f787806"
diff --git a/reports/GO-2020-0023.toml b/reports/GO-2020-0023.toml
index b1d637a..a1b3bf9 100644
--- a/reports/GO-2020-0023.toml
+++ b/reports/GO-2020-0023.toml
@@ -8,6 +8,8 @@
symbols = ["Algorithm.validateSignature"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20170426191122-ca1404ee6e83"
diff --git a/reports/GO-2020-0024.toml b/reports/GO-2020-0024.toml
index 14d244a..84d30c7 100644
--- a/reports/GO-2020-0024.toml
+++ b/reports/GO-2020-0024.toml
@@ -8,6 +8,8 @@
symbols = ["proxiedConn.LocalAddr", "proxiedConn.RemoteAddr"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20130808000456-233bccbb1abe"
diff --git a/reports/GO-2020-0025.toml b/reports/GO-2020-0025.toml
index cd0bb4f..5f60b90 100644
--- a/reports/GO-2020-0025.toml
+++ b/reports/GO-2020-0025.toml
@@ -8,6 +8,8 @@
symbols = ["tgzExtractor.Extract", "zipExtractor.Extract"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20180523222229-09b5706aa936"
diff --git a/reports/GO-2020-0026.toml b/reports/GO-2020-0026.toml
index 8734566..3fe93a7 100644
--- a/reports/GO-2020-0026.toml
+++ b/reports/GO-2020-0026.toml
@@ -11,6 +11,8 @@
symbols = ["stiTar.ExtractTarStreamFromTarReader", "stiTar.extractLink", "New"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.1.10-0.20180427153919-f5cbcbc5cc6f"
diff --git a/reports/GO-2020-0027.toml b/reports/GO-2020-0027.toml
index d10fdfa..cb3bf00 100644
--- a/reports/GO-2020-0027.toml
+++ b/reports/GO-2020-0027.toml
@@ -11,6 +11,8 @@
symbols = ["NewHandle", "SetProcessPrivileges", "Handle.StopAsPamUser"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.2.4"
diff --git a/reports/GO-2020-0028.toml b/reports/GO-2020-0028.toml
index c7ef35e..40ca6fa 100644
--- a/reports/GO-2020-0028.toml
+++ b/reports/GO-2020-0028.toml
@@ -11,6 +11,8 @@
symbols = ["setTA"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.0.10"
diff --git a/reports/GO-2020-0029.toml b/reports/GO-2020-0029.toml
index 096eb2d..b832ad2 100644
--- a/reports/GO-2020-0029.toml
+++ b/reports/GO-2020-0029.toml
@@ -9,6 +9,8 @@
symbols = ["Context.ClientIP"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20141229113116-0099840c98ae"
diff --git a/reports/GO-2020-0030.toml b/reports/GO-2020-0030.toml
index 4a6f391..39793eb 100644
--- a/reports/GO-2020-0030.toml
+++ b/reports/GO-2020-0030.toml
@@ -9,6 +9,8 @@
symbols = ["Scope.buildCondition"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.2.0"
diff --git a/reports/GO-2020-0031.toml b/reports/GO-2020-0031.toml
index 0c3a8bb..c629c7d 100644
--- a/reports/GO-2020-0031.toml
+++ b/reports/GO-2020-0031.toml
@@ -7,6 +7,8 @@
cve = "CVE-2020-8945"
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.1.1"
diff --git a/reports/GO-2020-0032.toml b/reports/GO-2020-0032.toml
index 2728a8c..e7c4e86 100644
--- a/reports/GO-2020-0032.toml
+++ b/reports/GO-2020-0032.toml
@@ -9,6 +9,8 @@
symbols = ["Controller.FileHandler"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.4.3"
@@ -29,7 +31,7 @@
pr = "https://github.com/goadesign/goa/pull/2388"
[cve_metadata]
-id = "CVE-XXXX-0012"
+id = "CVE-9999-0012"
description = """
Improper path santiziation in github.com/goadesign/goa before v3.0.9, v2.0.10, or
v1.4.3 allow remote attackers to read files outside of the intended directory.
diff --git a/reports/GO-2020-0033.toml b/reports/GO-2020-0033.toml
index ed52790..691bbc6 100644
--- a/reports/GO-2020-0033.toml
+++ b/reports/GO-2020-0033.toml
@@ -9,6 +9,8 @@
symbols = ["HTTPEngine.Handle"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.12.4"
diff --git a/reports/GO-2020-0034.toml b/reports/GO-2020-0034.toml
index 87647bf..e490aab 100644
--- a/reports/GO-2020-0034.toml
+++ b/reports/GO-2020-0034.toml
@@ -7,6 +7,8 @@
symbols = ["Unzip.Extract"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.0.0"
diff --git a/reports/GO-2020-0035.toml b/reports/GO-2020-0035.toml
index 2691849..c104eee 100644
--- a/reports/GO-2020-0035.toml
+++ b/reports/GO-2020-0035.toml
@@ -7,6 +7,8 @@
symbols = ["Unzip.Extract"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.0.3-0.20200308084313-2adbaa4891b9"
diff --git a/reports/GO-2020-0036.toml b/reports/GO-2020-0036.toml
index 01c1861..9ca2659 100644
--- a/reports/GO-2020-0036.toml
+++ b/reports/GO-2020-0036.toml
@@ -9,9 +9,16 @@
symbols = ["yaml_parser_fetch_more_tokens"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v2.2.8"
+# [[additional_packages]]
+# module = "github.com/go-yaml/yaml"
+# [[additional_packages.versions]]
+# fixed = "v2.2.8+incompatible"
+
[links]
commit = "https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48"
pr = "https://github.com/go-yaml/yaml/pull/555"
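Review bot: The `additional_packages` block for `github.com/go-yaml/yaml` is added commented out here, while the equivalent block in reports/GO-2021-0061.toml is live. As written, this report therefore produces no entry for the `github.com/go-yaml/yaml` import path, and users of that path would presumably not be matched against this vulnerability. Either enable the block or replace it with a comment that states why it is disabled, e.g. `# additional_packages for github.com/go-yaml/yaml disabled: <reason>`, so the coverage gap is a recorded decision rather than leftover scaffolding.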
diff --git a/reports/GO-2020-0037.toml b/reports/GO-2020-0037.toml
index 657c7d4..6918a9a 100644
--- a/reports/GO-2020-0037.toml
+++ b/reports/GO-2020-0037.toml
@@ -10,6 +10,8 @@
symbols = ["makeHTTPClient"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.31.1"
diff --git a/reports/GO-2020-0038.toml b/reports/GO-2020-0038.toml
index f2e86c8..09c13a1 100644
--- a/reports/GO-2020-0038.toml
+++ b/reports/GO-2020-0038.toml
@@ -10,6 +10,8 @@
symbols = ["Conn.handleIncomingPacket"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.5.2"
diff --git a/reports/GO-2020-0039.toml b/reports/GO-2020-0039.toml
index 00beb88..d1d1ff7 100644
--- a/reports/GO-2020-0039.toml
+++ b/reports/GO-2020-0039.toml
@@ -11,6 +11,8 @@
symbols = ["staticHandler"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.3.7"
diff --git a/reports/GO-2020-0040.toml b/reports/GO-2020-0040.toml
index 0e4e0b6..42cdddb 100644
--- a/reports/GO-2020-0040.toml
+++ b/reports/GO-2020-0040.toml
@@ -7,5 +7,7 @@
credit = "@hMihaiDavid"
+published = "2021-04-14T12:00:00Z"
+
[links]
context = ["https://github.com/shiyanhui/dht/issues/57"]
\ No newline at end of file
diff --git a/reports/GO-2020-0041.toml b/reports/GO-2020-0041.toml
index a4b5a28..6d81b88 100644
--- a/reports/GO-2020-0041.toml
+++ b/reports/GO-2020-0041.toml
@@ -11,6 +11,8 @@
symbols = ["TzArchive.syncFiles", "TzArchive.ExtractToFunc"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.0.1"
diff --git a/reports/GO-2020-0042.toml b/reports/GO-2020-0042.toml
index 4e1149c..fa9bc32 100644
--- a/reports/GO-2020-0042.toml
+++ b/reports/GO-2020-0042.toml
@@ -11,6 +11,8 @@
symbols = ["Extract"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.1.0"
diff --git a/reports/GO-2020-0043.toml b/reports/GO-2020-0043.toml
index dcebbc9..eea6cb8 100644
--- a/reports/GO-2020-0043.toml
+++ b/reports/GO-2020-0043.toml
@@ -12,6 +12,8 @@
symbols = ["httpContext.MakeServers", "Server.serveHTTP", "assertConfigsCompatible"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.10.13"
diff --git a/reports/GO-2020-0044.toml b/reports/GO-2020-0044.toml
index 2245a3f..88c44a3 100644
--- a/reports/GO-2020-0044.toml
+++ b/reports/GO-2020-0044.toml
@@ -8,6 +8,8 @@
credit = "@Kevil-hui"
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.12.2"
diff --git a/reports/GO-2020-0045.toml b/reports/GO-2020-0045.toml
index a59341b..f63ba87 100644
--- a/reports/GO-2020-0045.toml
+++ b/reports/GO-2020-0045.toml
@@ -9,6 +9,8 @@
symbols = ["randomBytes"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.3.0"
diff --git a/reports/GO-2020-0046.toml b/reports/GO-2020-0046.toml
index d49ebb9..d2c6e03 100644
--- a/reports/GO-2020-0046.toml
+++ b/reports/GO-2020-0046.toml
@@ -11,6 +11,8 @@
symbols = ["ValidationContext.validateSignature"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.1.0"
diff --git a/reports/GO-2020-0047.toml b/reports/GO-2020-0047.toml
index 2bb9d41..7bc59f6 100644
--- a/reports/GO-2020-0047.toml
+++ b/reports/GO-2020-0047.toml
@@ -8,5 +8,7 @@
symbols = ["AuthnRequest.Validate", "NewAuthnRequest", "NewSignedResponse"]
+published = "2021-04-14T12:00:00Z"
+
[links]
context = ["https://github.com/RobotsAndPencils/go-saml/pull/38"]
\ No newline at end of file
diff --git a/reports/GO-2020-0048.toml b/reports/GO-2020-0048.toml
index c043f23..61c13cf 100644
--- a/reports/GO-2020-0048.toml
+++ b/reports/GO-2020-0048.toml
@@ -12,6 +12,8 @@
symbols = ["LoadURL"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.3.1"
diff --git a/reports/GO-2020-0049.toml b/reports/GO-2020-0049.toml
index 4c34816..0abc8f1 100644
--- a/reports/GO-2020-0049.toml
+++ b/reports/GO-2020-0049.toml
@@ -8,6 +8,8 @@
symbols = ["VerifyToken", "verifyToken"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.1.1"
diff --git a/reports/GO-2020-0050.toml b/reports/GO-2020-0050.toml
index ed17357..6bf22be 100644
--- a/reports/GO-2020-0050.toml
+++ b/reports/GO-2020-0050.toml
@@ -11,6 +11,8 @@
symbols = ["ValidationContext.findSignature"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.1.0"
diff --git a/reports/GO-2021-0051.toml b/reports/GO-2021-0051.toml
index 813cbb9..e532c26 100644
--- a/reports/GO-2021-0051.toml
+++ b/reports/GO-2021-0051.toml
@@ -11,6 +11,8 @@
os = ["windows"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v4.1.18-0.20201215153152-4422e3b66b9f"
diff --git a/reports/GO-2021-0052.toml b/reports/GO-2021-0052.toml
index 36e56f8..ca3711f 100644
--- a/reports/GO-2021-0052.toml
+++ b/reports/GO-2021-0052.toml
@@ -11,6 +11,8 @@
symbols = ["Context.ClientIP"]
+published = "2021-04-14T12:00:00Z"
+
[links]
pr = "https://github.com/gin-gonic/gin/pull/2632"
context = ["https://github.com/gin-gonic/gin/pull/2474"]
\ No newline at end of file
diff --git a/reports/GO-2021-0053.toml b/reports/GO-2021-0053.toml
index 0afeafd..5ca5fe6 100644
--- a/reports/GO-2021-0053.toml
+++ b/reports/GO-2021-0053.toml
@@ -7,6 +7,8 @@
cve = "CVE-2021-3121"
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.3.2"
diff --git a/reports/GO-2021-0054.toml b/reports/GO-2021-0054.toml
index c43c1b2..ea8d93b 100644
--- a/reports/GO-2021-0054.toml
+++ b/reports/GO-2021-0054.toml
@@ -10,6 +10,8 @@
symbols = ["unwrap"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.6.6"
diff --git a/reports/GO-2021-0056.toml b/reports/GO-2021-0056.toml
index 2bdbf20..df6f317 100644
--- a/reports/GO-2021-0056.toml
+++ b/reports/GO-2021-0056.toml
@@ -12,6 +12,8 @@
symbols = ["provider.HandlePOST"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20201214082111-324b1c886b40"
diff --git a/reports/GO-2021-0057.toml b/reports/GO-2021-0057.toml
index 65f0dd4..533835f 100644
--- a/reports/GO-2021-0057.toml
+++ b/reports/GO-2021-0057.toml
@@ -10,6 +10,8 @@
symbols = ["searchKeys"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.1.1"
diff --git a/reports/GO-2021-0058.toml b/reports/GO-2021-0058.toml
index fe1a648..4de94f5 100644
--- a/reports/GO-2021-0058.toml
+++ b/reports/GO-2021-0058.toml
@@ -16,6 +16,8 @@
"ServiceProvider.ValidateLogoutResponseRedirect"
]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.4.3"
diff --git a/reports/GO-2021-0059.toml b/reports/GO-2021-0059.toml
index 9a76db8..78f71ca 100644
--- a/reports/GO-2021-0059.toml
+++ b/reports/GO-2021-0059.toml
@@ -10,6 +10,8 @@
symbols = ["sqaush"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.6.4"
diff --git a/reports/GO-2021-0060.toml b/reports/GO-2021-0060.toml
index 1c3f9a2..2a4481c 100644
--- a/reports/GO-2021-0060.toml
+++ b/reports/GO-2021-0060.toml
@@ -11,6 +11,8 @@
symbols = ["parseResponse"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.6.0"
diff --git a/reports/GO-2021-0061.toml b/reports/GO-2021-0061.toml
index 5f8c518..57b03f9 100644
--- a/reports/GO-2021-0061.toml
+++ b/reports/GO-2021-0061.toml
@@ -9,9 +9,16 @@
symbols = ["decoder.unmarshal"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v2.2.3"
+[[additional_packages]]
+module = "github.com/go-yaml/yaml"
+[[additional_packages.versions]]
+fixed = "v2.2.3+incompatible"
+
[links]
commit = "https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241"
pr = "https://github.com/go-yaml/yaml/pull/375"
\ No newline at end of file
diff --git a/reports/GO-2021-0062.toml b/reports/GO-2021-0062.toml
index 0901cd4..ba24551 100644
--- a/reports/GO-2021-0062.toml
+++ b/reports/GO-2021-0062.toml
@@ -10,6 +10,8 @@
symbols = ["NewCustomResourceDefinitionHandler"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.17.0"
diff --git a/reports/GO-2021-0063.toml b/reports/GO-2021-0063.toml
index 15e9e71..53679da 100644
--- a/reports/GO-2021-0063.toml
+++ b/reports/GO-2021-0063.toml
@@ -12,6 +12,8 @@
symbols = ["serverHandler.handleMsg"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.9.25"
diff --git a/reports/GO-2021-0064.toml b/reports/GO-2021-0064.toml
index a15bb2f..6ca4884 100644
--- a/reports/GO-2021-0064.toml
+++ b/reports/GO-2021-0064.toml
@@ -12,6 +12,8 @@
symbols = ["requestInfo.toCurl"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.20.0-alpha.2"
diff --git a/reports/GO-2021-0065.toml b/reports/GO-2021-0065.toml
index 007e78b..0099ca9 100644
--- a/reports/GO-2021-0065.toml
+++ b/reports/GO-2021-0065.toml
@@ -10,6 +10,8 @@
symbols = ["debuggingRoundTripper.RoundTrip"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.17.0"
diff --git a/reports/GO-2021-0066.toml b/reports/GO-2021-0066.toml
index d31c7d8..ef5f965 100644
--- a/reports/GO-2021-0066.toml
+++ b/reports/GO-2021-0066.toml
@@ -12,6 +12,8 @@
symbols = ["readDockerConfigFileFromBytes", "readDockerConfigJSONFileFromBytes"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.20.0-alpha.1"
diff --git a/reports/GO-2021-0067.toml b/reports/GO-2021-0067.toml
index d23b609..fb877e4 100644
--- a/reports/GO-2021-0067.toml
+++ b/reports/GO-2021-0067.toml
@@ -11,6 +11,8 @@
symbols = ["toValidName"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
introduced = "go1.16"
fixed = "go1.16.1"
diff --git a/reports/GO-2021-0068.toml b/reports/GO-2021-0068.toml
index b58bfb0..9b9cfe6 100644
--- a/reports/GO-2021-0068.toml
+++ b/reports/GO-2021-0068.toml
@@ -15,6 +15,8 @@
credit = "RyotaK"
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "go1.14.14"
diff --git a/reports/GO-2021-0069.toml b/reports/GO-2021-0069.toml
index 44a9efb..f90dd04 100644
--- a/reports/GO-2021-0069.toml
+++ b/reports/GO-2021-0069.toml
@@ -11,6 +11,8 @@
symbols = ["nat.divRecursiveStep"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
introduced = "go1.14"
fixed = "go1.14.12"
diff --git a/reports/GO-2021-0070.toml b/reports/GO-2021-0070.toml
index 4c4c940..b54a553 100644
--- a/reports/GO-2021-0070.toml
+++ b/reports/GO-2021-0070.toml
@@ -12,6 +12,8 @@
symbols = ["GetExecUser"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.1.0"
diff --git a/reports/GO-2021-0071.toml b/reports/GO-2021-0071.toml
index 5f7e9d9..38551c9 100644
--- a/reports/GO-2021-0071.toml
+++ b/reports/GO-2021-0071.toml
@@ -13,6 +13,8 @@
symbols = ["IdmapSet.doUidshiftIntoContainer"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20151004155856-19c6961cc101"
diff --git a/reports/GO-2021-0072.toml b/reports/GO-2021-0072.toml
index c9c15ef..7347115 100644
--- a/reports/GO-2021-0072.toml
+++ b/reports/GO-2021-0072.toml
@@ -11,6 +11,8 @@
symbols = ["copyFullPayload"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v2.7.0-rc.0+incompatible"
diff --git a/reports/GO-2021-0073.toml b/reports/GO-2021-0073.toml
index e9a7841..d733e2c 100644
--- a/reports/GO-2021-0073.toml
+++ b/reports/GO-2021-0073.toml
@@ -11,6 +11,8 @@
symbols = ["sshGetLFSExeAndArgs"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v2.1.1-0.20170519163204-f913f5f9c7c6+incompatible"
diff --git a/reports/GO-2021-0075.toml b/reports/GO-2021-0075.toml
index 752e06e..4615ee5 100644
--- a/reports/GO-2021-0075.toml
+++ b/reports/GO-2021-0075.toml
@@ -10,6 +10,8 @@
symbols = ["protocolManager.handleMsg"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.8.11"
diff --git a/reports/GO-2021-0076.toml b/reports/GO-2021-0076.toml
index 37b6800..47450d0 100644
--- a/reports/GO-2021-0076.toml
+++ b/reports/GO-2021-0076.toml
@@ -10,6 +10,8 @@
symbols = ["partialArray.add"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.5.2"
diff --git a/reports/GO-2021-0077.toml b/reports/GO-2021-0077.toml
index ecf5848..822ec68 100644
--- a/reports/GO-2021-0077.toml
+++ b/reports/GO-2021-0077.toml
@@ -12,6 +12,8 @@
symbols = ["authStore.AuthInfoFromTLS"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.5.0-alpha.5.0.20190108173120-83c051b701d3"
diff --git a/reports/GO-2021-0078.toml b/reports/GO-2021-0078.toml
index ff5c0da..14068a2 100644
--- a/reports/GO-2021-0078.toml
+++ b/reports/GO-2021-0078.toml
@@ -13,6 +13,8 @@
symbols = ["inBodyIM", "inFramesetIM"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20180816102801-aaf60122140d"
diff --git a/reports/GO-2021-0079.toml b/reports/GO-2021-0079.toml
index e2802c6..6ac634b 100644
--- a/reports/GO-2021-0079.toml
+++ b/reports/GO-2021-0079.toml
@@ -14,6 +14,8 @@
symbols = ["Network.checkTopicRegister"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.0.4-0.20180831054840-1ac3c8ac4f2b"
diff --git a/reports/GO-2021-0081.toml b/reports/GO-2021-0081.toml
index 4532d86..ce0d87b 100644
--- a/reports/GO-2021-0081.toml
+++ b/reports/GO-2021-0081.toml
@@ -11,6 +11,8 @@
symbols = ["dockerClient.getBearerToken"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
introduced = ""
fixed = "v2.0.2-0.20190802080134-634605d06e73+incompatible"
diff --git a/reports/GO-2021-0082.toml b/reports/GO-2021-0082.toml
index 389800d..9f72dc2 100644
--- a/reports/GO-2021-0082.toml
+++ b/reports/GO-2021-0082.toml
@@ -11,6 +11,8 @@
cve = "CVE-2019-11939"
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.31.1-0.20200311080807-483ed864d69f"
diff --git a/reports/GO-2021-0083.toml b/reports/GO-2021-0083.toml
index ad4f835..cd65f50 100644
--- a/reports/GO-2021-0083.toml
+++ b/reports/GO-2021-0083.toml
@@ -11,6 +11,8 @@
symbols = ["Adaptor.newTLSConfig"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.12.1-0.20190521122906-c1aa4f867846"
diff --git a/reports/GO-2021-0084.toml b/reports/GO-2021-0084.toml
index e61eb97..f2af68b 100644
--- a/reports/GO-2021-0084.toml
+++ b/reports/GO-2021-0084.toml
@@ -12,6 +12,8 @@
symbols = ["FileProvider.SessionRead", "FileProvider.SessionRegenerate"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.12.2-0.20200613154013-bac2b31afecc"
diff --git a/reports/GO-2021-0085.toml b/reports/GO-2021-0085.toml
index 882d8a0..9f5fd79 100644
--- a/reports/GO-2021-0085.toml
+++ b/reports/GO-2021-0085.toml
@@ -10,6 +10,8 @@
credit = "Leopold Schabel"
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.0.0-rc8.0.20190930145003-cad42f6e0932"
diff --git a/reports/GO-2021-0086.toml b/reports/GO-2021-0086.toml
index 55629c6..66719fc 100644
--- a/reports/GO-2021-0086.toml
+++ b/reports/GO-2021-0086.toml
@@ -10,6 +10,8 @@
symbols = ["Provider.Render"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.76.3-0.20191119114751-a4384210d4d0"
diff --git a/reports/GO-2021-0087.toml b/reports/GO-2021-0087.toml
index b2638cf..8521585 100644
--- a/reports/GO-2021-0087.toml
+++ b/reports/GO-2021-0087.toml
@@ -14,6 +14,8 @@
symbols = ["mountToRootfs"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.0.0-rc9.0.20200122160610-2fc03cc11c77"
diff --git a/reports/GO-2021-0088.toml b/reports/GO-2021-0088.toml
index 552daf0..bfbcb5f 100644
--- a/reports/GO-2021-0088.toml
+++ b/reports/GO-2021-0088.toml
@@ -12,6 +12,8 @@
symbols = ["Skip"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.31.1-0.20190225164308-c461c1bd1a3e"
diff --git a/reports/GO-2021-0089.toml b/reports/GO-2021-0089.toml
index 9b6b9cb..c77e87f 100644
--- a/reports/GO-2021-0089.toml
+++ b/reports/GO-2021-0089.toml
@@ -12,6 +12,8 @@
symbols = ["findKeyStart"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20200321185410-91ac96899e49"
diff --git a/reports/GO-2021-0090.toml b/reports/GO-2021-0090.toml
index c24d360..071d6df 100644
--- a/reports/GO-2021-0090.toml
+++ b/reports/GO-2021-0090.toml
@@ -13,6 +13,8 @@
symbols = ["VoteSet.MakeCommit"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
introduced = "v0.33.0"
fixed = "v0.34.0-dev1.0.20200702134149-480b995a3172"
diff --git a/reports/GO-2021-0091.toml b/reports/GO-2021-0091.toml
index 23fca2b..fee02b3 100644
--- a/reports/GO-2021-0091.toml
+++ b/reports/GO-2021-0091.toml
@@ -12,6 +12,8 @@
symbols = ["Ctx.Attachment"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.12.6-0.20200710202935-a8ad5454363f"
diff --git a/reports/GO-2021-0092.toml b/reports/GO-2021-0092.toml
index 4bc7c84..7a97c6a 100644
--- a/reports/GO-2021-0092.toml
+++ b/reports/GO-2021-0092.toml
@@ -9,6 +9,8 @@
symbols = ["Fosite.AuthenticateClient"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.31.0"
diff --git a/reports/GO-2021-0094.toml b/reports/GO-2021-0094.toml
index c231915..e969547 100644
--- a/reports/GO-2021-0094.toml
+++ b/reports/GO-2021-0094.toml
@@ -13,6 +13,8 @@
symbols = ["Unpack"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.5.0"
diff --git a/reports/GO-2021-0095.toml b/reports/GO-2021-0095.toml
index baa0a41..630baca 100644
--- a/reports/GO-2021-0095.toml
+++ b/reports/GO-2021-0095.toml
@@ -13,6 +13,8 @@
symbols = ["CreateWrapKey"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.3.0"
diff --git a/reports/GO-2021-0096.toml b/reports/GO-2021-0096.toml
index 81f8465..28a1135 100644
--- a/reports/GO-2021-0096.toml
+++ b/reports/GO-2021-0096.toml
@@ -9,6 +9,8 @@
credit = "Ulrich Obergfell"
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.1.1"
diff --git a/reports/GO-2021-0097.toml b/reports/GO-2021-0097.toml
index 1ca1abf..0c20797 100644
--- a/reports/GO-2021-0097.toml
+++ b/reports/GO-2021-0097.toml
@@ -17,6 +17,8 @@
"readAtomData"
]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.0.0-20201120070457-d52dcb253c63"
diff --git a/reports/GO-2021-0098.toml b/reports/GO-2021-0098.toml
index 27a1e67..555e007 100644
--- a/reports/GO-2021-0098.toml
+++ b/reports/GO-2021-0098.toml
@@ -14,6 +14,8 @@
symbols = ["PipeCommand"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v1.5.1-0.20210113180018-fc664697ed2c"
diff --git a/reports/GO-2021-0099.toml b/reports/GO-2021-0099.toml
index d1e2a58..f335cbc 100644
--- a/reports/GO-2021-0099.toml
+++ b/reports/GO-2021-0099.toml
@@ -13,6 +13,8 @@
symbols = ["extractTarDirectory"]
+published = "2021-04-14T12:00:00Z"
+
[[versions]]
fixed = "v0.9.0"
diff --git a/template b/template
index 8ecef6c..80035c7 100644
--- a/template
+++ b/template
@@ -11,6 +11,8 @@
symbols = [""]
+published = ""
+
[[versions]]
introduced = ""
fixed = ""