data/reports: review GO-2022-0828

tatianab · gopherbot · commit 71259c6095af · 2024-12-12T12:32:49.000-08:00
- data/reports/GO-2022-0828.yaml Fixes #828 Change-Id: I46dbeebd8db6744d065ad3f632fbb258cbd04ce7 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/635696 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
diff --git a/data/osv/GO-2022-0828.json b/data/osv/GO-2022-0828.json
@@ -28,18 +28,24 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "github.com/containers/buildah/imagebuildah",
+            "symbols": [
+              "downloadToDirectory",
+              "stdinToDirectory"
+            ]
+          }
+        ]
+      }
     }
   ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://github.com/advisories/GHSA-fx8w-mjvm-hvpc"
     },
-    {
-      "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10696"
-    },
     {
       "type": "FIX",
       "url": "https://github.com/containers/buildah/pull/2245"
@@ -59,6 +65,6 @@
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2022-0828",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }
diff --git a/data/reports/GO-2022-0828.yaml b/data/reports/GO-2022-0828.yaml
@@ -4,20 +4,24 @@ modules:
       versions:
         - fixed: 1.14.4
       vulnerable_at: 1.14.3
+      packages:
+        - package: github.com/containers/buildah/imagebuildah
+          symbols:
+            - downloadToDirectory
+            - stdinToDirectory
 summary: Path Traversal in Buildah in github.com/containers/buildah
 cves:
     - CVE-2020-10696
 ghsas:
     - GHSA-fx8w-mjvm-hvpc
 references:
     - advisory: https://github.com/advisories/GHSA-fx8w-mjvm-hvpc
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-10696
     - fix: https://github.com/containers/buildah/pull/2245
     - web: https://access.redhat.com/security/cve/cve-2020-10696
     - web: https://bugzilla.redhat.com/show_bug.cgi?id=1817651
     - web: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696
 source:
     id: GHSA-fx8w-mjvm-hvpc
-    created: 2024-08-20T14:20:12.337951-04:00
-review_status: NEEDS_REVIEW
+    created: 2024-12-12T12:49:21.996818-05:00
+review_status: REVIEWED
 unexcluded: NOT_IMPORTABLE

Original file line number	Diff line number	Diff line change
`@@ -28,18 +28,24 @@`
`28`	`28`	`]`
`29`	`29`	`}`
`30`	`30`	`],`
`31`		`- "ecosystem_specific": {}`
	`31`	`+ "ecosystem_specific": {`
	`32`	`+ "imports": [`
	`33`	`+ {`
	`34`	`+ "path": "github.com/containers/buildah/imagebuildah",`
	`35`	`+ "symbols": [`
	`36`	`+ "downloadToDirectory",`
	`37`	`+ "stdinToDirectory"`
	`38`	`+ ]`
	`39`	`+ }`
	`40`	`+ ]`
	`41`	`+ }`
`32`	`42`	`}`
`33`	`43`	`],`
`34`	`44`	`"references": [`
`35`	`45`	`{`
`36`	`46`	`"type": "ADVISORY",`
`37`	`47`	`"url": "https://github.com/advisories/GHSA-fx8w-mjvm-hvpc"`
`38`	`48`	`},`
`39`		`- {`
`40`		`- "type": "ADVISORY",`
`41`		`- "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10696"`
`42`		`- },`
`43`	`49`	`{`
`44`	`50`	`"type": "FIX",`
`45`	`51`	`"url": "https://github.com/containers/buildah/pull/2245"`
`@@ -59,6 +65,6 @@`
`59`	`65`	`],`
`60`	`66`	`"database_specific": {`
`61`	`67`	`"url": "https://pkg.go.dev/vuln/GO-2022-0828",`
`62`		`- "review_status": "UNREVIEWED"`
	`68`	`+ "review_status": "REVIEWED"`
`63`	`69`	`}`
`64`	`70`	`}`