data/reports: add vulnerable_at to GO-2021-0412.yaml
Aliases: CVE-2022-24778, GHSA-8v99-48m9-c8pm
Updates golang/vulndb#412
Change-Id: I2bcb4d456b3cffec1439d117221391e1f63e1035
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/463681
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Tim King <taking@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/data/osv/GO-2021-0412.json b/data/osv/GO-2021-0412.json
index f2249a2..ffe1241 100644
--- a/data/osv/GO-2021-0412.json
+++ b/data/osv/GO-2021-0412.json
@@ -34,6 +34,9 @@
{
"path": "github.com/containerd/imgcrypt/images/encryption",
"symbols": [
+ "CheckAuthorization",
+ "DecryptImage",
+ "EncryptImage",
"cryptManifestList"
]
}
diff --git a/data/reports/GO-2021-0412.yaml b/data/reports/GO-2021-0412.yaml
index 31a4826..c580d93 100644
--- a/data/reports/GO-2021-0412.yaml
+++ b/data/reports/GO-2021-0412.yaml
@@ -2,10 +2,15 @@
- module: github.com/containerd/imgcrypt
versions:
- fixed: 1.1.4
+ vulnerable_at: 1.1.3
packages:
- package: github.com/containerd/imgcrypt/images/encryption
symbols:
- cryptManifestList
+ derived_symbols:
+ - CheckAuthorization
+ - DecryptImage
+ - EncryptImage
description: |
The imgcrypt library provides API exensions for containerd to
support encrypted container images and implements the ctd-decoder