reports: add GO-2021-0178.yaml for CVE-2017-15042
Fixes golang/vulndb#178
Change-Id: I0d9510a42a3e506e3b8e0370855c27d710c16b2b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/376594
Trust: Damien Neil <dneil@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
diff --git a/reports/GO-2021-0178.yaml b/reports/GO-2021-0178.yaml
new file mode 100644
index 0000000..ac91909
--- /dev/null
+++ b/reports/GO-2021-0178.yaml
@@ -0,0 +1,23 @@
+module: std
+package: net/smtp
+versions:
+- introduced: go1.1
+ fixed: go1.8.4
+- introduced: go1.1
+ fixed: go1.9.1
+description: |
+ SMTP clients using net/smtp can use the PLAIN authentication scheme on
+ network connections not secured with TLS, exposing passwords to
+ man-in-the-middle SMTP servers.
+cves:
+- CVE-2017-15042
+credit: Stevie Johnstone
+symbols:
+- plainAuth.Start
+links:
+ pr: https://go.dev/cl/68170
+ commit: https://go.googlesource.com/go/+/ec3b6131de8f9c9c25283260c95c616c74f6d790
+ context:
+ - https://go.dev/issue/22134
+ - https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
+published: 2022-01-07T20:35:00Z
