commit ae7b4038537b99a3ba90397971aa829777d8bce5
author Neal Patel <nealpatel@google.com> Wed Mar 26 14:49:23 2025 -0400
committer Gopher Robot <gobot@golang.org> Wed Mar 26 13:15:20 2025 -0700
tree 6dbd3fd7bceb9b78a439fdaf21ef0b272abe676e
parent 1d278dd231c22d42a4df58ce72f96011d6debbf1

data/reports: withdraw 1 report

Fixes golang/vulndb#3543
Fixes golang/vulndb#3578

Change-Id: I10e84b22911a0350b9f60d6299949a348f908d36
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/661075
Reviewed-by: Damien Neil <dneil@google.com>
Commit-Queue: Neal Patel <nealpatel@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Neal Patel <nealpatel@google.com>

data/osv/GO-2025-3543.json

diff --git a/data/osv/GO-2025-3543.json b/data/osv/GO-2025-3543.json
index 7a87eed..47ac078 100644
--- a/data/osv/GO-2025-3543.json
+++ b/data/osv/GO-2025-3543.json
@@ -3,11 +3,12 @@
   "id": "GO-2025-3543",
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
+  "withdrawn": "2025-03-26T18:45:50Z",
   "aliases": [
     "CVE-2025-27612"
   ],
-  "summary": "Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc",
-  "details": "Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/opencontainers/runc before v0.5.3.",
+  "summary": "WITHDRAWN: Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc",
+  "details": "(This report has been withdrawn with reason: \"Does not affect Go code.\"). https://nvd.nist.gov/vuln/detail/CVE-2025-27612 lists https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66 which caused automation to flag as Go; the affected repo is https://github.com/youki-dev/youki (Rust).",
   "affected": [
     {
       "package": {
@@ -65,6 +66,6 @@
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2025-3543",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }
\ No newline at end of file

data/reports/GO-2025-3543.yaml

diff --git a/data/reports/GO-2025-3543.yaml b/data/reports/GO-2025-3543.yaml
index 40a7dbe..7260ef8 100644
--- a/data/reports/GO-2025-3543.yaml
+++ b/data/reports/GO-2025-3543.yaml
@@ -4,7 +4,16 @@
       non_go_versions:
         - fixed: 0.5.3
       vulnerable_at: 1.2.6
-summary: Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc
+summary: |-
+    WITHDRAWN: Libcontainer is affected by capabilities elevation in
+    github.com/opencontainers/runc
+description: |-
+    (This report has been withdrawn with reason: "Does not affect Go code.").
+    https://nvd.nist.gov/vuln/detail/CVE-2025-27612 lists
+    https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
+    which caused automation to flag as Go; the affected repo is
+    https://github.com/youki-dev/youki (Rust).
+withdrawn: "2025-03-26T18:45:50Z"
 cves:
     - CVE-2025-27612
 references:
@@ -16,4 +25,4 @@
 source:
     id: CVE-2025-27612
     created: 2025-03-25T12:08:02.851021-04:00
-review_status: UNREVIEWED
+review_status: REVIEWED