data/reports: fix GO-2021-0085.yaml

Add vulnerable_at, symbols, and fix packages Aliases: CVE-2019-16884, GHSA-fgv8-vj5c-2ppq Updates #85 Change-Id: I38fafcb65c74a36cde3add37858ea3fbd606ae51 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/463682 Reviewed-by: Tatiana Bradley <tatianabradley@google.com> Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tim King <taking@google.com>
golang · Jan 31, 2023 · a7f50fe · a7f50fe
1 parent 1a1bb5a
commit a7f50fe
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 3 deletions.
diff --git a/data/osv/GO-2021-0085.json b/data/osv/GO-2021-0085.json
@@ -32,7 +32,16 @@
       "ecosystem_specific": {
         "imports": [
           {
-            "path": "github.com/opencontainers/runc/libcontainer"
+            "path": "github.com/opencontainers/runc/libcontainer/apparmor",
+            "symbols": [
+              "ApplyProfile"
+            ]
+          },
+          {
+            "path": "github.com/opencontainers/runc/libcontainer/utils",
+            "symbols": [
+              "CloseExecFrom"
+            ]
           }
         ]
       }
@@ -61,7 +70,11 @@
       "ecosystem_specific": {
         "imports": [
           {
-            "path": "github.com/opencontainers/selinux/go-selinux"
+            "path": "github.com/opencontainers/selinux/go-selinux",
+            "symbols": [
+              "readCon",
+              "writeCon"
+            ]
           }
         ]
       }
@@ -76,6 +89,10 @@
       "type": "FIX",
       "url": "https://github.com/opencontainers/runc/commit/cad42f6e0932db0ce08c3a3d9e89e6063ec283e4"
     },
+    {
+      "type": "FIX",
+      "url": "https://github.com/opencontainers/selinux/commit/03b517dc4fd57245b1cf506e8ba7b817b6d309da"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/opencontainers/runc/issues/2128"

diff --git a/data/reports/GO-2021-0085.yaml b/data/reports/GO-2021-0085.yaml
@@ -2,13 +2,22 @@ modules:
   - module: github.com/opencontainers/runc
     versions:
       - fixed: 1.0.0-rc8.0.20190930145003-cad42f6e0932
+    vulnerable_at: 1.0.0-rc8
     packages:
-      - package: github.com/opencontainers/runc/libcontainer
+      - package: github.com/opencontainers/runc/libcontainer/apparmor
+        symbols:
+          - ApplyProfile
+      - package: github.com/opencontainers/runc/libcontainer/utils
+        symbols:
+          - CloseExecFrom
   - module: github.com/opencontainers/selinux
     versions:
       - fixed: 1.3.1-0.20190929122143-5215b1806f52
     packages:
       - package: github.com/opencontainers/selinux/go-selinux
+        symbols:
+          - readCon
+          - writeCon
 description: |
     AppArmor restrictions may be bypassed due to improper validation of mount
     targets, allowing a malicious image to mount volumes over e.g. /proc.
@@ -21,4 +30,5 @@ credit: Leopold Schabel
 references:
   - fix: https://github.com/opencontainers/runc/pull/2130
   - fix: https://github.com/opencontainers/runc/commit/cad42f6e0932db0ce08c3a3d9e89e6063ec283e4
+  - fix: https://github.com/opencontainers/selinux/commit/03b517dc4fd57245b1cf506e8ba7b817b6d309da
   - web: https://github.com/opencontainers/runc/issues/2128