data/reports: fix GO-2020-0036.yaml Add vulnerable_at and more affectected symbols Aliases: CVE-2019-11254, GHSA-wxc4-f4m6-wwqv Updates golang/vulndb#36 Change-Id: I13397c294fcfa76e152fc57240fad35e88fe5723 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/462137 Auto-Submit: Tatiana Bradley <tatiana@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com>

commit: 87d96701df13a9204b62952632472b0752531fe2 [log] [tgz]
author: Tatiana Bradley <tatianabradley@google.com> Fri Jan 13 16:51:23 2023 -0500
committer: Gopher Robot <gobot@golang.org> Sat Jan 14 00:31:02 2023 +0000
tree: 634582e21852022c2eb6079fb83b9b53d46a9684
parent: 3a03dfb4c3c0b2ae22c25164278cf34de084f4e1 [diff]
diff --git a/data/osv/GO-2020-0036.json b/data/osv/GO-2020-0036.json
index 5e9b28a..fb597f4 100644
--- a/data/osv/GO-2020-0036.json
+++ b/data/osv/GO-2020-0036.json

@@ -37,7 +37,12 @@
               "Decoder.Decode",
               "Unmarshal",
               "UnmarshalStrict",
-              "yaml_parser_fetch_more_tokens"
+              "yaml_parser_decrease_flow_level",
+              "yaml_parser_fetch_more_tokens",
+              "yaml_parser_fetch_stream_start",
+              "yaml_parser_fetch_value",
+              "yaml_parser_remove_simple_key",
+              "yaml_parser_save_simple_key"
             ]
           }
         ]
@@ -69,7 +74,12 @@
               "Decoder.Decode",
               "Unmarshal",
               "UnmarshalStrict",
-              "yaml_parser_fetch_more_tokens"
+              "yaml_parser_decrease_flow_level",
+              "yaml_parser_fetch_more_tokens",
+              "yaml_parser_fetch_stream_start",
+              "yaml_parser_fetch_value",
+              "yaml_parser_remove_simple_key",
+              "yaml_parser_save_simple_key"
             ]
           }
         ]

diff --git a/data/reports/GO-2020-0036.yaml b/data/reports/GO-2020-0036.yaml
index fa55c1e..3a5a2b0 100644
--- a/data/reports/GO-2020-0036.yaml
+++ b/data/reports/GO-2020-0036.yaml

@@ -2,19 +2,31 @@
   - module: gopkg.in/yaml.v2
     versions:
       - fixed: 2.2.8
+    vulnerable_at: 2.2.7
     packages:
       - package: gopkg.in/yaml.v2
         symbols:
           - yaml_parser_fetch_more_tokens
+          - yaml_parser_save_simple_key
+          - yaml_parser_remove_simple_key
+          - yaml_parser_decrease_flow_level
+          - yaml_parser_fetch_stream_start
+          - yaml_parser_fetch_value
         derived_symbols:
           - Decoder.Decode
           - Unmarshal
           - UnmarshalStrict
   - module: github.com/go-yaml/yaml
+    vulnerable_at: 2.1.0+incompatible
     packages:
       - package: github.com/go-yaml/yaml
         symbols:
           - yaml_parser_fetch_more_tokens
+          - yaml_parser_save_simple_key
+          - yaml_parser_remove_simple_key
+          - yaml_parser_decrease_flow_level
+          - yaml_parser_fetch_stream_start
+          - yaml_parser_fetch_value
         derived_symbols:
           - Decoder.Decode
           - Unmarshal
commit	87d96701df13a9204b62952632472b0752531fe2	[log] [tgz]
author	Tatiana Bradley <tatianabradley@google.com>	Fri Jan 13 16:51:23 2023 -0500
committer	Gopher Robot <gobot@golang.org>	Sat Jan 14 00:31:02 2023 +0000
tree	634582e21852022c2eb6079fb83b9b53d46a9684
parent	3a03dfb4c3c0b2ae22c25164278cf34de084f4e1 [diff]