From a7f50feb26f07bfc845f760ac5fd86e115ae47ba Mon Sep 17 00:00:00 2001
From: Tatiana Bradley
Date: Thu, 19 Jan 2023 18:11:32 +0000
Subject: [PATCH] data/reports: fix GO-2021-0085.yaml
Add vulnerable_at, symbols, and fix packages
Aliases: CVE-2019-16884, GHSA-fgv8-vj5c-2ppq
Updates golang/vulndb#85
Change-Id: I38fafcb65c74a36cde3add37858ea3fbd606ae51
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/463682
Reviewed-by: Tatiana Bradley
Run-TryBot: Tatiana Bradley
Auto-Submit: Tatiana Bradley
TryBot-Result: Gopher Robot
Reviewed-by: Tim King
---
 data/osv/GO-2021-0085.json | 21 +++++++++++++++++++--
 data/reports/GO-2021-0085.yaml | 12 +++++++++++-
 2 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/data/osv/GO-2021-0085.json b/data/osv/GO-2021-0085.json
index eb90a87d..a9a5b419 100644
--- a/data/osv/GO-2021-0085.json
+++ b/data/osv/GO-2021-0085.json
@@ -32,7 +32,16 @@ "ecosystem_specific": { "imports": [ { - "path": "github.com/opencontainers/runc/libcontainer" + "path": "github.com/opencontainers/runc/libcontainer/apparmor", + "symbols": [ + "ApplyProfile" + ] + }, + { + "path": "github.com/opencontainers/runc/libcontainer/utils", + "symbols": [ + "CloseExecFrom" + ] } ] }
@@ -61,7 +70,11 @@ "ecosystem_specific": { "imports": [ { - "path": "github.com/opencontainers/selinux/go-selinux" + "path": "github.com/opencontainers/selinux/go-selinux", + "symbols": [ + "readCon", + "writeCon" + ] } ] }
@@ -76,6 +89,10 @@ "type": "FIX", "url": "https://github.com/opencontainers/runc/commit/cad42f6e0932db0ce08c3a3d9e89e6063ec283e4" }, + { + "type": "FIX", + "url": "https://github.com/opencontainers/selinux/commit/03b517dc4fd57245b1cf506e8ba7b817b6d309da" + }, { "type": "WEB", "url": "https://github.com/opencontainers/runc/issues/2128"
diff --git a/data/reports/GO-2021-0085.yaml b/data/reports/GO-2021-0085.yaml
index d0ce5dc7..ed4eca84 100644
--- a/data/reports/GO-2021-0085.yaml
+++ b/data/reports/GO-2021-0085.yaml 
@@ -2,13 +2,22 @@ modules:
 - module: github.com/opencontainers/runc
 versions:
 - fixed: 1.0.0-rc8.0.20190930145003-cad42f6e0932
+ vulnerable_at: 1.0.0-rc8
 packages:
- - package: github.com/opencontainers/runc/libcontainer
+ - package: github.com/opencontainers/runc/libcontainer/apparmor
+ symbols:
+ - ApplyProfile
+ - package: github.com/opencontainers/runc/libcontainer/utils
+ symbols:
+ - CloseExecFrom
 - module: github.com/opencontainers/selinux
 versions:
 - fixed: 1.3.1-0.20190929122143-5215b1806f52
 packages:
 - package: github.com/opencontainers/selinux/go-selinux
+ symbols:
+ - readCon
+ - writeCon
 description: |
 AppArmor restrictions may be bypassed due to improper validation of mount targets, allowing a malicious image to mount volumes over e.g. /proc.
@@ -21,4 +30,5 @@ credit: Leopold Schabel
 references:
 - fix: https://github.com/opencontainers/runc/pull/2130
 - fix: https://github.com/opencontainers/runc/commit/cad42f6e0932db0ce08c3a3d9e89e6063ec283e4
+ - fix: https://github.com/opencontainers/selinux/commit/03b517dc4fd57245b1cf506e8ba7b817b6d309da
 - web: https://github.com/opencontainers/runc/issues/2128
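Review bot: Narrowing the runc entry from the whole `github.com/opencontainers/runc/libcontainer` package to `ApplyProfile` and `CloseExecFrom` risks false negatives in symbol-based scanners if that symbol list is incomplete. The description speaks of improper validation of mount targets, and the references also list runc pull 2130 as a fix, so it is worth confirming that no affected function lives in `libcontainer` itself before dropping that package. The selinux module also gains `symbols` but no `vulnerable_at`, unlike runc. Adding `vulnerable_at: <last affected selinux version>` there would presumably let tooling check the unexported `readCon` and `writeCon` against a concrete version.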
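Review bot: The added selinux fix reference points at commit `03b517dc4fd5`, but the `fixed` pseudo-version for that module in the first hunk ends in `5215b1806f52`, which is a different commit. For runc the two agree: `cad42f6e0932` appears in both the `fixed` version and the fix URL. If `5215b1806f52` is a merge that contains `03b517dc4fd5`, a short YAML comment on the `fixed` line saying so would make the boundary traceable. If it is not, one of the two values needs correcting, because the `fixed` boundary decides which consumers are reported as affected.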