data/reports: fix GO-2020-0036.yaml
Add vulnerable_at and more affectected symbols
Aliases: CVE-2019-11254, GHSA-wxc4-f4m6-wwqv
Updates golang/vulndb#36
Change-Id: I13397c294fcfa76e152fc57240fad35e88fe5723
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/462137
Auto-Submit: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/data/osv/GO-2020-0036.json b/data/osv/GO-2020-0036.json
index 5e9b28a..fb597f4 100644
--- a/data/osv/GO-2020-0036.json
+++ b/data/osv/GO-2020-0036.json
@@ -37,7 +37,12 @@
"Decoder.Decode",
"Unmarshal",
"UnmarshalStrict",
- "yaml_parser_fetch_more_tokens"
+ "yaml_parser_decrease_flow_level",
+ "yaml_parser_fetch_more_tokens",
+ "yaml_parser_fetch_stream_start",
+ "yaml_parser_fetch_value",
+ "yaml_parser_remove_simple_key",
+ "yaml_parser_save_simple_key"
]
}
]
@@ -69,7 +74,12 @@
"Decoder.Decode",
"Unmarshal",
"UnmarshalStrict",
- "yaml_parser_fetch_more_tokens"
+ "yaml_parser_decrease_flow_level",
+ "yaml_parser_fetch_more_tokens",
+ "yaml_parser_fetch_stream_start",
+ "yaml_parser_fetch_value",
+ "yaml_parser_remove_simple_key",
+ "yaml_parser_save_simple_key"
]
}
]
diff --git a/data/reports/GO-2020-0036.yaml b/data/reports/GO-2020-0036.yaml
index fa55c1e..3a5a2b0 100644
--- a/data/reports/GO-2020-0036.yaml
+++ b/data/reports/GO-2020-0036.yaml
@@ -2,19 +2,31 @@
- module: gopkg.in/yaml.v2
versions:
- fixed: 2.2.8
+ vulnerable_at: 2.2.7
packages:
- package: gopkg.in/yaml.v2
symbols:
- yaml_parser_fetch_more_tokens
+ - yaml_parser_save_simple_key
+ - yaml_parser_remove_simple_key
+ - yaml_parser_decrease_flow_level
+ - yaml_parser_fetch_stream_start
+ - yaml_parser_fetch_value
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
- module: github.com/go-yaml/yaml
+ vulnerable_at: 2.1.0+incompatible
packages:
- package: github.com/go-yaml/yaml
symbols:
- yaml_parser_fetch_more_tokens
+ - yaml_parser_save_simple_key
+ - yaml_parser_remove_simple_key
+ - yaml_parser_decrease_flow_level
+ - yaml_parser_fetch_stream_start
+ - yaml_parser_fetch_value
derived_symbols:
- Decoder.Decode
- Unmarshal