data/reports: review GO-2024-3188

  - data/reports/GO-2024-3188.yaml

Fixes #3188
Fixes #3389

Change-Id: Ia109c860efc921de262e99bdb48275ee2ae28d92
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/645256
Reviewed-by: Damien Neil <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Tatiana Bradley <[email protected]>

Author: tatianab

data/osv/GO-2024-3188.json

@@ -21,6 +21,9 @@
           "events": [
             {
               "introduced": "0"
+            },
+            {
+              "fixed": "0.3.6"
             }
           ]
         }
@@ -32,18 +35,10 @@
     {
       "type": "ADVISORY",
       "url": "https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2"
-    },
-    {
-      "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9312"
-    },
-    {
-      "type": "ADVISORY",
-      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9312"
     }
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2024-3188",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }

data/reports/GO-2024-3188.yaml

@@ -1,19 +1,17 @@
 id: GO-2024-3188
 modules:
     - module: github.com/ubuntu/authd
-      unsupported_versions:
-        - last_affected: 0.0.0-20230706090440-d8cb2d561419
-      vulnerable_at: 0.0.0-20230706090440-d8cb2d561419
+      versions:
+        - fixed: 0.3.6
+      vulnerable_at: 0.3.5
 summary: Authd allows attacker-controlled usernames to yield controllable UIDs in github.com/ubuntu/authd
 cves:
     - CVE-2024-9312
 ghsas:
     - GHSA-4gfw-wf7c-w6g2
 references:
     - advisory: https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-9312
-    - advisory: https://www.cve.org/CVERecord?id=CVE-2024-9312
 source:
     id: GHSA-4gfw-wf7c-w6g2
-    created: 2024-10-11T10:16:08.934095-04:00
-review_status: UNREVIEWED
+    created: 2025-01-29T09:47:20.814811-05:00
+review_status: REVIEWED