Google Git
Sign in
go / vulndb / 135e1ab04d923cb6254049b81067934f9358589e^! / . / data / reports / GO-2022-1165.yaml
commit135e1ab04d923cb6254049b81067934f9358589e[log] [tgz]
authorTim King <taking@google.com>Fri Jan 27 16:51:14 2023 -0800
committerTatiana Bradley <tatianabradley@google.com>Mon Jan 30 16:20:14 2023 +0000
tree3cc62bc7a982fc05bf7c57c98ce191dd60419b56
parent7253c1fd2adf59e1fb3a64021c3cb6f50db301ec [diff] [blame]
data/reports: apply vulnreport fix to 1117, 1118, 1130, 1155, 1165, and 1166

Change-Id: I3dd3f463ba0f42e56d85cce7fb545ebc70294fef
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/463112
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

diff --git a/data/reports/GO-2022-1165.yaml b/data/reports/GO-2022-1165.yaml
index 4e13840..c8e2244 100644
--- a/data/reports/GO-2022-1165.yaml
+++ b/data/reports/GO-2022-1165.yaml

@@ -1,25 +1,25 @@
 modules:
-    - module: helm.sh/helm/v3
-      versions:
-        - fixed: 3.10.3
-      vulnerable_at: 3.10.2
-      packages:
-        - package: helm.sh/helm/v3/pkg/repo
-          symbols:
-            - IndexFile.MustAdd
-            - loadIndex
-            - File.Remove
-          derived_symbols:
-            - ChartRepository.DownloadIndexFile
-            - ChartRepository.Index
-            - ChartRepository.Load
-            - FindChartInAuthAndTLSAndPassRepoURL
-            - FindChartInAuthAndTLSRepoURL
-            - FindChartInAuthRepoURL
-            - FindChartInRepoURL
-            - IndexDirectory
-            - IndexFile.Add
-            - LoadIndexFile
+  - module: helm.sh/helm/v3
+    versions:
+      - fixed: 3.10.3
+    vulnerable_at: 3.10.2
+    packages:
+      - package: helm.sh/helm/v3/pkg/repo
+        symbols:
+          - IndexFile.MustAdd
+          - loadIndex
+          - File.Remove
+        derived_symbols:
+          - ChartRepository.DownloadIndexFile
+          - ChartRepository.Index
+          - ChartRepository.Load
+          - FindChartInAuthAndTLSAndPassRepoURL
+          - FindChartInAuthAndTLSRepoURL
+          - FindChartInAuthRepoURL
+          - FindChartInRepoURL
+          - IndexDirectory
+          - IndexFile.Add
+          - LoadIndexFile
 description: |
     Applications that use the repo package in the Helm SDK to parse an index
     file can suffer a Denial of Service when that input causes a panic that
@@ -35,10 +35,10 @@
     violation panic. Helm is not a long running service so the panic will not
     affect future uses of the Helm client.
 cves:
-    - CVE-2022-23525
+  - CVE-2022-23525
 ghsas:
-    - GHSA-53c4-hhmh-vw5q
+  - GHSA-53c4-hhmh-vw5q
 credit: Ada Logics, in a fuzzing audit sponsored by CNCF
 references:
-    - advisory: https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q
-    - fix: https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b
+  - advisory: https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q
+  - fix: https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b