data/reports: add vulnerable_at to GO-2020-0012.yaml Aliases: CVE-2020-9283, GHSA-ffhg-7mh4-33c4 Updates golang/vulndb#12 Change-Id: If1f8408a816b0a4e7fcfea6c5c5dcc64c8d8bc9b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/462080 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tatiana Bradley <tatiana@golang.org> Reviewed-by: Damien Neil <dneil@google.com> Run-TryBot: Tatiana Bradley <tatiana@golang.org>

commit: f83f7ad19f7c3c673a114144ae438410077a3dcc [log] [tgz]
author: Tatiana Bradley <tatianabradley@google.com> Fri Jan 13 14:42:19 2023 -0500
committer: Tatiana Bradley <tatiana@golang.org> Fri Jan 13 22:42:11 2023 +0000
tree: 7e1f4f8443173b03b8337d048962c6309b80353b
parent: 1bfde7069301f231877ae5d2bddbce010d0685b7 [diff]
diff --git a/data/osv/GO-2020-0012.json b/data/osv/GO-2020-0012.json
index 3dfeb24..9712168 100644
--- a/data/osv/GO-2020-0012.json
+++ b/data/osv/GO-2020-0012.json

@@ -34,7 +34,23 @@
           {
             "path": "golang.org/x/crypto/ssh",
             "symbols": [
+              "CertChecker.Authenticate",
+              "CertChecker.CheckCert",
+              "CertChecker.CheckHostKey",
+              "Certificate.Verify",
+              "Dial",
+              "NewClientConn",
               "NewPublicKey",
+              "NewServerConn",
+              "NewSignerFromKey",
+              "NewSignerFromSigner",
+              "ParseAuthorizedKey",
+              "ParseKnownHosts",
+              "ParsePrivateKey",
+              "ParsePrivateKeyWithPassphrase",
+              "ParsePublicKey",
+              "ParseRawPrivateKey",
+              "ParseRawPrivateKeyWithPassphrase",
               "ed25519PublicKey.Verify",
               "parseED25519",
               "parseSKEd25519",

diff --git a/data/reports/GO-2020-0012.yaml b/data/reports/GO-2020-0012.yaml
index d91f356..7723883 100644
--- a/data/reports/GO-2020-0012.yaml
+++ b/data/reports/GO-2020-0012.yaml

@@ -2,6 +2,7 @@
   - module: golang.org/x/crypto
     versions:
       - fixed: 0.0.0-20200220183623-bac4c82f6975
+    vulnerable_at: 0.0.0-20200219234226-1ad67e1f0ef4
     packages:
       - package: golang.org/x/crypto/ssh
         symbols:
@@ -10,6 +11,23 @@
           - parseSKEd25519
           - skEd25519PublicKey.Verify
           - NewPublicKey
+        derived_symbols:
+          - CertChecker.Authenticate
+          - CertChecker.CheckCert
+          - CertChecker.CheckHostKey
+          - Certificate.Verify
+          - Dial
+          - NewClientConn
+          - NewServerConn
+          - NewSignerFromKey
+          - NewSignerFromSigner
+          - ParseAuthorizedKey
+          - ParseKnownHosts
+          - ParsePrivateKey
+          - ParsePrivateKeyWithPassphrase
+          - ParsePublicKey
+          - ParseRawPrivateKey
+          - ParseRawPrivateKeyWithPassphrase
 description: |
     An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
     key, such that the library will panic when trying to verify a signature
commit	f83f7ad19f7c3c673a114144ae438410077a3dcc	[log] [tgz]
author	Tatiana Bradley <tatianabradley@google.com>	Fri Jan 13 14:42:19 2023 -0500
committer	Tatiana Bradley <tatiana@golang.org>	Fri Jan 13 22:42:11 2023 +0000
tree	7e1f4f8443173b03b8337d048962c6309b80353b
parent	1bfde7069301f231877ae5d2bddbce010d0685b7 [diff]