commit | efa5c39fa752151eedfbd13fad870b96d8ad25d3 | |
---|---|---|
author | Damien Neil <dneil@google.com> | Wed May 11 13:36:25 2022 -0700 |
committer | Damien Neil <dneil@google.com> | Thu May 12 21:11:01 2022 +0000 |
tree | f8eb45c46d2e2bf785dd22fe781d45db031cd730 | |
parent | dff27a0ebd4921b1a997ddccc949b4d8ad9c7077 | |

internal/report: disallow overlapping version ranges

When a vulnerability is fixed in (for example) v1.1.1, v1.2.1, and v1.3.0, OSV describes the vulnerability as applying to the ranges [0,1.1.1) and [1.2.0,1.2.1). (1.3.0 is not listed, because it comes after the fix in 1.2.1.)

Check for overlapping ranges in "vulnreport lint". Fix existing reports with overlapping ranges.

Fixes golang/go#52855.

Change-Id: Ib285a205f5ce7e02485e9fa4763051f053e85000
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/405575
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

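
The kind of overlap check the commit message describes, as an added Go example (not the vulndb project's own lint code). `Range`, `key` and `CheckRanges` are hypothetical names; versions are assumed to be plain MAJOR.MINOR.PATCH, and an empty bound is assumed to mean 0 (introduced) or no fix (fixed).

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Range is a half-open affected interval [Introduced, Fixed).
type Range struct{ Introduced, Fixed string }

// key packs MAJOR.MINOR.PATCH into a sortable int ("" yields ifEmpty); assumes no suffixes, parts < 1<<20.
func key(v string, ifEmpty int64) (k int64, err error) {
	if v == "" {
		return ifEmpty, nil
	}
	parts := strings.Split(strings.TrimPrefix(v, "v"), ".")
	for _, p := range append(parts, "0", "0")[:3] {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 || n >= 1<<20 || len(parts) > 3 {
			return 0, fmt.Errorf("bad version %q", v)
		}
		k = k<<20 | int64(n)
	}
	return k, nil
}

// CheckRanges rejects invalid, empty or inverted ranges and any two that overlap.
func CheckRanges(rs []Range) error {
	lo, hi := make([]int64, len(rs)), make([]int64, len(rs))
	for i, r := range rs {
		var e1, e2 error
		lo[i], e1 = key(r.Introduced, 0) // assumption: missing Introduced means 0
		hi[i], e2 = key(r.Fixed, 1<<62)  // assumption: missing Fixed means unbounded
		if e1 != nil || e2 != nil || lo[i] >= hi[i] {
			return fmt.Errorf("invalid range [%s,%s)", r.Introduced, r.Fixed)
		}
		for j := 0; j < i; j++ {
			if lo[i] < hi[j] && lo[j] < hi[i] { // half-open intervals intersect
				return fmt.Errorf("[%s,%s) overlaps [%s,%s)", rs[j].Introduced, rs[j].Fixed, r.Introduced, r.Fixed)
			}
		}
	}
	return nil
}

func main() { // constructed inputs: the commit message's ranges, then an overlapping pair
	fmt.Println(CheckRanges([]Range{{"0", "1.1.1"}, {"1.2.0", "1.2.1"}}))
	fmt.Println(CheckRanges([]Range{{"0", "1.2.1"}, {"1.2.0", "1.3.0"}}))
}
```

Adjacent ranges such as [0,1.1.1) and [1.1.1,1.2.0) pass, because the fixed bound is exclusive.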
This repository contains the reports for the Go Vulnerability Database.
If you are interested in accessing data from the Go Vulnerability Database, see x/vuln for information. This repository is only used for adding new vulnerabilities.
We are not accepting new vulnerability reports at this time. We will update this README.md once we are ready to receive reports.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Database entries are distributed under the terms of the CC-BY 4.0 license. See x/vuln for information on how to access these entries.