data: preserve cve references for some reports

Change-Id: Ifbd6abd25190afcc136f4d8294fd3302582e1f8f Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/526266 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]>
golang · Sep 11, 2023 · 66fdb21 · 66fdb21
1 parent 24e908f
commit 66fdb21
Show file tree

Hide file tree

Showing 22 changed files with 88 additions and 13 deletions.
diff --git a/data/cve/v5/GO-2022-0956.json b/data/cve/v5/GO-2022-0956.json
@@ -75,6 +75,18 @@
         },
         {
           "url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/"
         }
       ]
     }

diff --git a/data/cve/v5/GO-2022-1144.json b/data/cve/v5/GO-2022-1144.json
@@ -128,6 +128,18 @@
         },
         {
           "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/"
         }
       ],
       "credits": [

diff --git a/data/cve/v5/GO-2023-1495.json b/data/cve/v5/GO-2023-1495.json
@@ -60,6 +60,12 @@
         },
         {
           "url": "https://pkg.go.dev/vuln/GO-2023-1495"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN/"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP/"
         }
       ],
       "credits": [

diff --git a/data/cve/v5/GO-2023-1839.json b/data/cve/v5/GO-2023-1839.json
@@ -64,6 +64,9 @@
         },
         {
           "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/"
         }
       ],
       "credits": [

diff --git a/data/cve/v5/GO-2023-1840.json b/data/cve/v5/GO-2023-1840.json
@@ -64,6 +64,9 @@
         },
         {
           "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/"
         }
       ],
       "credits": [

diff --git a/data/cve/v5/GO-2023-1841.json b/data/cve/v5/GO-2023-1841.json
@@ -64,6 +64,9 @@
         },
         {
           "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/"
         }
       ],
       "credits": [

diff --git a/data/cve/v5/GO-2023-1842.json b/data/cve/v5/GO-2023-1842.json
@@ -85,6 +85,9 @@
         },
         {
           "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/"
+        },
+        {
+          "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/"
         }
       ],
       "credits": [

diff --git a/data/cve/v5/GO-2023-1878.json b/data/cve/v5/GO-2023-1878.json
@@ -111,6 +111,9 @@
         },
         {
           "url": "https://pkg.go.dev/vuln/GO-2023-1878"
+        },
+        {
+          "url": "https://security.netapp.com/advisory/ntap-20230814-0002/"
         }
       ],
       "credits": [

diff --git a/data/cve/v5/GO-2023-1987.json b/data/cve/v5/GO-2023-1987.json
@@ -99,6 +99,9 @@
         },
         {
           "url": "https://pkg.go.dev/vuln/GO-2023-1987"
+        },
+        {
+          "url": "https://security.netapp.com/advisory/ntap-20230831-0010/"
         }
       ],
       "credits": [

diff --git a/data/cve/v5/GO-2023-1989.json b/data/cve/v5/GO-2023-1989.json
@@ -63,6 +63,9 @@
         },
         {
           "url": "https://pkg.go.dev/vuln/GO-2023-1989"
+        },
+        {
+          "url": "https://security.netapp.com/advisory/ntap-20230831-0009/"
         }
       ],
       "credits": [

diff --git a/data/cve/v5/GO-2023-1990.json b/data/cve/v5/GO-2023-1990.json
@@ -63,6 +63,9 @@
         },
         {
           "url": "https://pkg.go.dev/vuln/GO-2023-1990"
+        },
+        {
+          "url": "https://security.netapp.com/advisory/ntap-20230831-0009/"
         }
       ],
       "credits": [

diff --git a/data/reports/GO-2022-0956.yaml b/data/reports/GO-2022-0956.yaml
@@ -29,3 +29,7 @@ cve_metadata:
     cwe: 'CWE 400: Uncontrolled Resource Consumption'
     references:
         - https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
diff --git a/data/reports/GO-2022-1144.yaml b/data/reports/GO-2022-1144.yaml
@@ -55,4 +55,7 @@ cve_metadata:
         - https://lists.fedoraproject.org/archives/list/[email protected]/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/
         - https://lists.fedoraproject.org/archives/list/[email protected]/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/
         - https://lists.fedoraproject.org/archives/list/[email protected]/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/
-
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/
diff --git a/data/reports/GO-2023-1495.yaml b/data/reports/GO-2023-1495.yaml
@@ -28,3 +28,6 @@ references:
 cve_metadata:
     id: CVE-2022-41721
     cwe: 'CWE 444: Inconsistent Interpretation of HTTP Requests ("HTTP Request/Response Smuggling)'
+    references:
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/X3H3EWQXM2XL5AGBX6UL443JEJ3GQXJN/
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/X5DXTLLWN6HKI5I35EUZRBISTNZJ75GP/
diff --git a/data/reports/GO-2023-1839.yaml b/data/reports/GO-2023-1839.yaml
@@ -28,3 +28,4 @@ cve_metadata:
     cwe: 'CWE-94: Improper Control of Generation of Code (''Code Injection'')'
     references:
         - https://lists.fedoraproject.org/archives/list/[email protected]/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/
diff --git a/data/reports/GO-2023-1840.yaml b/data/reports/GO-2023-1840.yaml
@@ -30,3 +30,4 @@ cve_metadata:
     cwe: 'CWE-642: External Control of Critical State Data'
     references:
         - https://lists.fedoraproject.org/archives/list/[email protected]/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/
diff --git a/data/reports/GO-2023-1841.yaml b/data/reports/GO-2023-1841.yaml
@@ -29,3 +29,4 @@ cve_metadata:
     cwe: 'CWE-94: Improper Control of Generation of Code ("Code Injection")'
     references:
         - https://lists.fedoraproject.org/archives/list/[email protected]/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/
diff --git a/data/reports/GO-2023-1842.yaml b/data/reports/GO-2023-1842.yaml
@@ -30,3 +30,4 @@ cve_metadata:
     cwe: 'CWE-88: Improper Neutralization of Argument Delimiters in a Command (''Argument Injection'')'
     references:
         - https://lists.fedoraproject.org/archives/list/[email protected]/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/
+        - https://lists.fedoraproject.org/archives/list/[email protected]/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/
diff --git a/data/reports/GO-2023-1878.yaml b/data/reports/GO-2023-1878.yaml
@@ -43,3 +43,5 @@ references:
 cve_metadata:
     id: CVE-2023-29406
     cwe: 'CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (''HTTP Request/Response Splitting'')'
+    references:
+        - https://security.netapp.com/advisory/ntap-20230814-0002/
diff --git a/data/reports/GO-2023-1987.yaml b/data/reports/GO-2023-1987.yaml
@@ -27,8 +27,8 @@ description: |-
     Extremely large RSA keys in certificate chains can cause a client/server to
     expend significant CPU time verifying signatures.
 
-    With fix, the size of RSA keys transmitted during handshakes is
-    restricted to <= 8192 bits.
+    With fix, the size of RSA keys transmitted during handshakes is restricted to <=
+    8192 bits.
 
     Based on a survey of publicly trusted RSA keys, there are currently only three
     certificates in circulation with keys larger than this, and all three appear to
@@ -45,3 +45,5 @@ references:
 cve_metadata:
     id: CVE-2023-29409
     cwe: 'CWE-400: Uncontrolled Resource Consumption'
+    references:
+        - https://security.netapp.com/advisory/ntap-20230831-0010/
diff --git a/data/reports/GO-2023-1989.yaml b/data/reports/GO-2023-1989.yaml
@@ -13,12 +13,10 @@ modules:
             - DecodeConfig
 summary: Excessive resource consumption in golang.org/x/image/tiff
 description: |-
-    The TIFF decoder does not place a limit on the size of
-    compressed tile data. A maliciously-crafted image can
-    exploit this to cause a small image (both in terms of
-    pixel width/height, and encoded size) to make the decoder
-    decode large amounts of compressed data, consuming
-    excessive memory and CPU.
+    The TIFF decoder does not place a limit on the size of compressed tile data. A
+    maliciously-crafted image can exploit this to cause a small image (both in terms
+    of pixel width/height, and encoded size) to make the decoder decode large
+    amounts of compressed data, consuming excessive memory and CPU.
 credits:
     - Philippe Antoine (Catena cyber)
 references:
@@ -27,3 +25,5 @@ references:
 cve_metadata:
     id: CVE-2023-29408
     cwe: 'CWE-770: Allocation of Resources Without Limits or Throttling'
+    references:
+        - https://security.netapp.com/advisory/ntap-20230831-0009/
diff --git a/data/reports/GO-2023-1990.yaml b/data/reports/GO-2023-1990.yaml
@@ -11,13 +11,14 @@ modules:
           derived_symbols:
             - Decode
             - DecodeConfig
-summary: Excessive CPU consumption when decoding 0-height images in golang.org/x/image/tiff
+summary: |-
+    Excessive CPU consumption when decoding 0-height images in
+    golang.org/x/image/tiff
 description: |-
     A maliciously-crafted image can cause excessive CPU consumption in decoding.
 
-    A tiled image with a height of 0 and a very large width can cause
-    excessive CPU consumption, despite the image size (width * height)
-    appearing to be zero.
+    A tiled image with a height of 0 and a very large width can cause excessive CPU
+    consumption, despite the image size (width * height) appearing to be zero.
 credits:
     - Philippe Antoine (Catena cyber)
 references:
@@ -26,3 +27,5 @@ references:
 cve_metadata:
     id: CVE-2023-29407
     cwe: 'CWE-834: Excessive Iteration'
+    references:
+        - https://security.netapp.com/advisory/ntap-20230831-0009/
-Original file line number
+Diff line change
@@ Expand Up / @@ -64,6 +64,9 @@ @@
             },
             {
               "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/"
+            },
+            {
+              "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/"
             }
           ],
           "credits": [
@@ Expand Down @@