all: refactor report packages into a list

Combine the Report.{Module,Package,...} fields with the
Report.AdditionalPackages field into a single Report.Packages
field with a list of affected packages.

Fixes #52836.

Change-Id: I84432f242fdbdac5d8609f0406d1f12f925108be
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/405574
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
diff --git a/reports/GO-2020-0012.yaml b/reports/GO-2020-0012.yaml
index 9bd2b4e..5810e6c 100644
--- a/reports/GO-2020-0012.yaml
+++ b/reports/GO-2020-0012.yaml
@@ -1,7 +1,14 @@
-module: golang.org/x/crypto
-package: golang.org/x/crypto/ssh
-versions:
-  - fixed: v0.0.0-20200220183623-bac4c82f6975
+packages:
+  - module: golang.org/x/crypto
+    package: golang.org/x/crypto/ssh
+    symbols:
+      - parseED25519
+      - ed25519PublicKey.Verify
+      - parseSKEd25519
+      - skEd25519PublicKey.Verify
+      - NewPublicKey
+    versions:
+      - fixed: v0.0.0-20200220183623-bac4c82f6975
 description: |
     An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
     key, such that the library will panic when trying to verify a signature
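Review bot: the new `packages:` entry is now the only place `module:` and `versions:` appear, so the report linter should require `module:` on every list entry and reject an empty `packages:` list, since the top-level `module:` key that used to carry that requirement is removed here. The schema documentation should also state what an entry without a `versions:` block means, because each entry now carries its own fixed version.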
@@ -13,12 +20,6 @@
 ghsas:
   - GHSA-ffhg-7mh4-33c4
 credit: Alex Gaynor, Fish in a Barrel
-symbols:
-  - parseED25519
-  - ed25519PublicKey.Verify
-  - parseSKEd25519
-  - skEd25519PublicKey.Verify
-  - NewPublicKey
 links:
     pr: https://go-review.googlesource.com/c/crypto/+/220357
     commit: https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
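Review bot: once the top-level `symbols:` key is dropped here, any report that still carries it in the old position risks being parsed with its symbol list silently ignored, unless the YAML decoder rejects unknown fields. Worth confirming that decoding is strict, or adding a lint check for leftover top-level `symbols:`, `module:`, `package:` and `versions:` keys, so an unconverted report fails loudly instead of losing its affected-symbol data.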