commit 1aea2bb14e0d374740c45bec4cd09fef3f54a535
author Zvonimir Pavlinovic <zpavlinovic@google.com> Fri Feb 16 17:28:18 2024 +0000
committer Zvonimir Pavlinovic <zpavlinovic@google.com> Fri Feb 16 18:20:45 2024 +0000
tree 5171985c6cc338f21a302193073181d0d9710ae7
parent 1dd918f969f66aac5e10558c0616566bea7198de

data/reports: updates GO-2024-2454.yaml

Updates golang/vulndb#2454
Fixes golang/vulndb#2555

Change-Id: If593547ce945ce821f8f695b743ec9ac9b4cf421
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/564537
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>

data/osv/GO-2024-2454.json

diff --git a/data/osv/GO-2024-2454.json b/data/osv/GO-2024-2454.json
index e4640cb..6c1fc04 100644
--- a/data/osv/GO-2024-2454.json
+++ b/data/osv/GO-2024-2454.json
@@ -21,6 +21,9 @@
           "events": [
             {
               "introduced": "1.0.8"
+            },
+            {
+              "fixed": "1.2.28"
             }
           ]
         }

data/reports/GO-2024-2454.yaml

diff --git a/data/reports/GO-2024-2454.yaml b/data/reports/GO-2024-2454.yaml
index 83043a6..5b3a0e3 100644
--- a/data/reports/GO-2024-2454.yaml
+++ b/data/reports/GO-2024-2454.yaml
@@ -3,7 +3,8 @@
     - module: github.com/lestrrat-go/jwx
       versions:
         - introduced: 1.0.8
-      vulnerable_at: 1.2.28
+        - fixed: 1.2.28
+      vulnerable_at: 1.2.27
       packages:
         - package: github.com/lestrrat-go/jwx/jws
           symbols:
@@ -28,3 +29,4 @@
 notes:
     - This report covers issues 2454, for v2, and 2455, for v1.
     - The earliest v1 version with the vulnerable symbol is v1.0.8.
+    - The fix for v1 was not known initially, the GHSA got updated later.