commit a3a17c98162f30663aadeb99acf809b6db539f7d
author Roland Shoemaker <roland@golang.org> Wed Apr 14 12:59:24 2021 -0700
committer Roland Shoemaker <bracewell@google.com> Wed Apr 14 20:04:52 2021 +0000
tree e154f0a990da88f94c2ea85422da20d683ca5e81
parent 29b7148a1c042a3b13dcfa28eb3e5270b22eb3b0

all: switch from toml to yaml

Change-Id: I9fb36a246d0d532e44a28903998b9750cf794a85
Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1055925
Reviewed-by: Roland Shoemaker <bracewell@google.com>

reports/GO-2020-0012.yaml

diff --git a/reports/GO-2020-0012.yaml b/reports/GO-2020-0012.yaml
new file mode 100644
index 0000000..e0f6a07
--- /dev/null
+++ b/reports/GO-2020-0012.yaml
@@ -0,0 +1,22 @@
+module: golang.org/x/crypto
+package: golang.org/x/crypto/ssh
+versions:
+- fixed: v0.0.0-20200220183623-bac4c82f6975
+description: |
+  An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
+  key, such that the library will panic when trying to verify a signature
+  with it.
+published: 2021-04-14T12:00:00Z
+cve: CVE-2020-9283
+credit: Alex Gaynor, Fish in a Barrel
+symbols:
+- parseED25519
+- ed25519PublicKey.Verify
+- parseSKEd25519
+- skEd25519PublicKey.Verify
+- NewPublicKey
+links:
+  pr: https://go-review.googlesource.com/c/crypto/+/220357
+  commit: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
+  context:
+  - https://groups.google.com/g/golang-announce/c/3L45YRc91SY