

data/reports: update 6 reports
Fix reports which won't pass an upcoming lint check
by merging / collapsing their version ranges.

  - data/reports/GO-2022-0617.yaml
  - data/reports/GO-2023-1573.yaml
  - data/reports/GO-2023-1574.yaml
  - data/reports/GO-2023-1730.yaml
  - data/reports/GO-2023-1946.yaml
  - data/reports/GO-2024-2784.yaml

Updates #617
Updates #1573
Updates #1574
Updates #1730
Updates #1946
Updates #2784

Change-Id: If02308deccab77b00cf10cb3619263e456d1ea64
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607456
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
tatianab authored and gopherbot committed Aug 21, 2024
1 parent 17e5280 commit 37e2de0
Showing 12 changed files with 33 additions and 320 deletions.
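--- a/data/osv/GO-2022-0617.json
+++ b/data/osv/GO-2022-0617.json
@@ -27,57 +27,6 @@
 }
 ],
 "ecosystem_specific": {}
-},
-{
-"package": {
-"name": "k8s.io/kubernetes",
-"ecosystem": "Go"
-},
-"ranges": [
-{
-"type": "SEMVER",
-"events": [
-{
-"introduced": "1.19.0"
-}
-]
-}
-],
-"ecosystem_specific": {}
-},
-{
-"package": {
-"name": "k8s.io/kubernetes",
-"ecosystem": "Go"
-},
-"ranges": [
-{
-"type": "SEMVER",
-"events": [
-{
-"introduced": "1.20.0"
-}
-]
-}
-],
-"ecosystem_specific": {}
-},
-{
-"package": {
-"name": "k8s.io/kubernetes",
-"ecosystem": "Go"
-},
-"ranges": [
-{
-"type": "SEMVER",
-"events": [
-{
-"introduced": "1.21.0"
-}
-]
-}
-],
-"ecosystem_specific": {}
 }
 ],
 "references": [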
34 changes: 5 additions & 29 deletions data/osv/GO-2023-1573.json
@@ -20,40 +20,16 @@
"type": "SEMVER",
"events": [
{
"introduced": "1.6.0"
"introduced": "0"
},
{
"fixed": "1.6.18"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/containerd/containerd/images/archive",
"symbols": [
"ImportIndex",
"onUntarJSON"
]
}
]
}
},
{
"package": {
"name": "github.com/containerd/containerd",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
"fixed": "1.5.18"
},
{
"introduced": "0"
"introduced": "1.6.0"
},
{
"fixed": "1.5.18"
"fixed": "1.6.18"
}
]
}
55 changes: 10 additions & 45 deletions data/osv/GO-2023-1574.json
@@ -30,52 +30,16 @@
"type": "SEMVER",
"events": [
{
"introduced": "1.6.0"
"introduced": "0"
},
{
"fixed": "1.6.18"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/containerd/containerd/oci",
"symbols": [
"WithAdditionalGIDs",
"WithUIDGID",
"WithUser",
"WithUserID",
"WithUsername"
]
},
{
"path": "github.com/containerd/containerd/pkg/cri/server",
"symbols": [
"criService.CreateContainer",
"criService.containerSpecOpts",
"instrumentedAlphaService.CreateContainer",
"instrumentedService.CreateContainer"
]
}
]
}
},
{
"package": {
"name": "github.com/containerd/containerd",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
"fixed": "1.5.18"
},
{
"introduced": "0"
"introduced": "1.6.0"
},
{
"fixed": "1.5.18"
"fixed": "1.6.18"
}
]
}
@@ -97,6 +61,7 @@
"symbols": [
"criService.CreateContainer",
"criService.containerSpecOpts",
"instrumentedAlphaService.CreateContainer",
"instrumentedService.CreateContainer"
]
}
@@ -110,8 +75,8 @@
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p"
},
{
"type": "WEB",
"url": "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4"
"type": "ARTICLE",
"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"
},
{
"type": "FIX",
@@ -130,8 +95,8 @@
"url": "https://github.com/advisories/GHSA-phjr-8j92-w5v7"
},
{
"type": "ARTICLE",
"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/"
"type": "WEB",
"url": "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4"
}
],
"database_specific": {
49 changes: 2 additions & 47 deletions data/osv/GO-2023-1730.json
@@ -21,61 +21,16 @@
"events": [
{
"introduced": "1.7.0"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/cilium/cilium",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "1.11.0"
},
{
"fixed": "1.11.16"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/cilium/cilium",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
},
{
"introduced": "1.12.0"
},
{
"fixed": "1.12.9"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "github.com/cilium/cilium",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
},
{
"introduced": "1.13.0"
},
34 changes: 3 additions & 31 deletions data/osv/GO-2023-1946.json
@@ -20,45 +20,17 @@
"type": "SEMVER",
"events": [
{
"introduced": "1.11.0"
"introduced": "1.0.0"
},
{
"fixed": "1.11.8"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "k8s.io/kubernetes",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
},
{
"introduced": "1.12.0"
},
{
"fixed": "1.12.6"
}
]
}
],
"ecosystem_specific": {}
},
{
"package": {
"name": "k8s.io/kubernetes",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
},
{
"introduced": "1.13.0"
},
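--- a/data/osv/GO-2024-2784.json
+++ b/data/osv/GO-2024-2784.json
@@ -21,40 +21,6 @@
 "events": [
 {
 "introduced": "2.0.0+incompatible"
-}
-]
-}
-],
-"ecosystem_specific": {}
-},
-{
-"package": {
-"name": "github.com/rancher/rancher",
-"ecosystem": "Go"
-},
-"ranges": [
-{
-"type": "SEMVER",
-"events": [
-{
-"introduced": "2.1.0+incompatible"
-}
-]
-}
-],
-"ecosystem_specific": {}
-},
-{
-"package": {
-"name": "github.com/rancher/rancher",
-"ecosystem": "Go"
-},
-"ranges": [
-{
-"type": "SEMVER",
-"events": [
-{
-"introduced": "2.2.0+incompatible"
 },
 {
 "fixed": "2.2.2+incompatible"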
20 changes: 1 addition & 19 deletions data/reports/GO-2022-0617.yaml
@@ -1,24 +1,6 @@
id: GO-2022-0617
modules:
- module: k8s.io/kubernetes
unsupported_versions:
- last_affected: 1.18.19
vulnerable_at: 1.31.0
- module: k8s.io/kubernetes
versions:
- introduced: 1.19.0
unsupported_versions:
- last_affected: 1.19.11
vulnerable_at: 1.31.0
- module: k8s.io/kubernetes
versions:
- introduced: 1.20.0
unsupported_versions:
- last_affected: 1.20.7
vulnerable_at: 1.31.0
- module: k8s.io/kubernetes
versions:
- introduced: 1.21.0
unsupported_versions:
- last_affected: 1.21.1
vulnerable_at: 1.31.0
@@ -42,7 +24,7 @@ references:
- web: https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY
- web: https://security.netapp.com/advisory/ntap-20220225-0002
notes:
- fix: 'module merge error: could not merge versions of module k8s.io/kubernetes: introduced and fixed versions must alternate'
- manually collapsed version ranges
source:
id: GHSA-qh36-44jv-c8xj
created: 2024-08-20T14:08:01.48392-04:00
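Review bot: The collapsed module entry keeps only `last_affected: 1.21.1` under `unsupported_versions`, next to `vulnerable_at: 1.31.0`, so the per-branch bounds 1.18.19, 1.19.11 and 1.20.7 from the removed entries are no longer recorded anywhere in the report. With no `versions:` block carrying a `fixed` event, a scanner matching against this record has no way to tell a patched Kubernetes release from an affected one; the matching data/osv/GO-2022-0617.json section drops three open-ended `introduced` entries and, in the context that is visible, gains no `fixed` event. I would make the new note say what was dropped, `- manually collapsed version ranges; per-branch last_affected 1.18.19, 1.19.11 and 1.20.7 dropped`, and add a `fixed` bound once the first patched release is confirmed against the upstream advisory. Which lines are old and which are new is inferred from the hunk counts, since the rendered page lost the `+`/`-` column.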