all: switch from toml to yaml Change-Id: I9fb36a246d0d532e44a28903998b9750cf794a85 Reviewed-on: https://team-review.git.corp.google.com/c/golang/vulndb/+/1055925 Reviewed-by: Roland Shoemaker <bracewell@google.com>
diff --git a/reports/GO-2020-0022.yaml b/reports/GO-2020-0022.yaml new file mode 100644 index 0000000..ccf6212 --- /dev/null +++ b/reports/GO-2020-0022.yaml
@@ -0,0 +1,15 @@ +module: github.com/cloudflare/golz4 +versions: +- fixed: v0.0.0-20140711154735-199f5f787806 +description: | + LZ4 bindings used a deprecated C API that is vulnerable to + memory corruption which could lead to arbitrary code execution + if successfully exploited. +published: 2021-04-14T12:00:00Z +credit: Don A. Bailey +symbols: +- Uncompress +links: + commit: https://github.com/cloudflare/golz4/commit/199f5f7878062ca17a98e079f2dbe1205e2ed898 + context: + - https://github.com/cloudflare/golz4/issues/5