data/reports: fix GO-2020-0025.yaml
Add vulnerable_at, remove unimportable module, fix symbols
Aliases: CVE-2018-25046, GHSA-32qh-8vg6-9g43
Updates golang/vulndb#25
Change-Id: If375d29974950b6e1f98767e55846a332596caed
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/462083
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/data/cve/v5/GO-2020-0025.json b/data/cve/v5/GO-2020-0025.json
index 78682bc..be38fe2 100644
--- a/data/cve/v5/GO-2020-0025.json
+++ b/data/cve/v5/GO-2020-0025.json
@@ -17,10 +17,10 @@
],
"affected": [
{
- "vendor": "github.com/cloudfoundry/archiver",
- "product": "github.com/cloudfoundry/archiver",
+ "vendor": "code.cloudfoundry.org/archiver",
+ "product": "code.cloudfoundry.org/archiver/extractor",
"collectionURL": "https://pkg.go.dev",
- "packageName": "github.com/cloudfoundry/archiver",
+ "packageName": "code.cloudfoundry.org/archiver/extractor",
"versions": [
{
"version": "0",
@@ -31,28 +31,17 @@
],
"programRoutines": [
{
- "name": "tgzExtractor.Extract"
+ "name": "extractTarArchiveFile"
},
{
- "name": "zipExtractor.Extract"
- }
- ],
- "defaultStatus": "unaffected"
- },
- {
- "vendor": "code.cloudfoundry.org/archiver",
- "product": "code.cloudfoundry.org/archiver",
- "collectionURL": "https://pkg.go.dev",
- "packageName": "code.cloudfoundry.org/archiver",
- "versions": [
+ "name": "extractZipArchiveFile"
+ },
{
- "version": "0",
- "lessThan": "0.0.0-20180523222229-09b5706aa936",
- "status": "affected",
- "versionType": "semver"
- }
- ],
- "programRoutines": [
+ "name": "detectableExtractor.Extract"
+ },
+ {
+ "name": "tarExtractor.Extract"
+ },
{
"name": "tgzExtractor.Extract"
},
diff --git a/data/osv/GO-2020-0025.json b/data/osv/GO-2020-0025.json
index c05bfe0..0e2576a 100644
--- a/data/osv/GO-2020-0025.json
+++ b/data/osv/GO-2020-0025.json
@@ -10,39 +10,6 @@
"affected": [
{
"package": {
- "name": "github.com/cloudfoundry/archiver",
- "ecosystem": "Go"
- },
- "ranges": [
- {
- "type": "SEMVER",
- "events": [
- {
- "introduced": "0"
- },
- {
- "fixed": "0.0.0-20180523222229-09b5706aa936"
- }
- ]
- }
- ],
- "database_specific": {
- "url": "https://pkg.go.dev/vuln/GO-2020-0025"
- },
- "ecosystem_specific": {
- "imports": [
- {
- "path": "github.com/cloudfoundry/archiver",
- "symbols": [
- "tgzExtractor.Extract",
- "zipExtractor.Extract"
- ]
- }
- ]
- }
- },
- {
- "package": {
"name": "code.cloudfoundry.org/archiver",
"ecosystem": "Go"
},
@@ -65,8 +32,12 @@
"ecosystem_specific": {
"imports": [
{
- "path": "code.cloudfoundry.org/archiver",
+ "path": "code.cloudfoundry.org/archiver/extractor",
"symbols": [
+ "detectableExtractor.Extract",
+ "extractTarArchiveFile",
+ "extractZipArchiveFile",
+ "tarExtractor.Extract",
"tgzExtractor.Extract",
"zipExtractor.Extract"
]
diff --git a/data/reports/GO-2020-0025.yaml b/data/reports/GO-2020-0025.yaml
index 55a9f26..4107d4a 100644
--- a/data/reports/GO-2020-0025.yaml
+++ b/data/reports/GO-2020-0025.yaml
@@ -1,18 +1,16 @@
modules:
- - module: github.com/cloudfoundry/archiver
- versions:
- - fixed: 0.0.0-20180523222229-09b5706aa936
- packages:
- - package: github.com/cloudfoundry/archiver
- symbols:
- - tgzExtractor.Extract
- - zipExtractor.Extract
- module: code.cloudfoundry.org/archiver
versions:
- fixed: 0.0.0-20180523222229-09b5706aa936
+ vulnerable_at: 0.0.0-20170223024658-7291196139d7
packages:
- - package: code.cloudfoundry.org/archiver
+ - package: code.cloudfoundry.org/archiver/extractor
symbols:
+ - extractTarArchiveFile
+ - extractZipArchiveFile
+ derived_symbols:
+ - detectableExtractor.Extract
+ - tarExtractor.Extract
- tgzExtractor.Extract
- zipExtractor.Extract
description: |