From e5f3b25b2c4571b068f69b8dcff3471719f959a0 Mon Sep 17 00:00:00 2001
From: Zvonimir Pavlinovic
Date: Thu, 12 Sep 2024 21:48:31 +0000
Subject: [PATCH] data/reports: update GO-2024-2606
 - data/reports/GO-2024-2606.yaml
Updates golang/vulndb#2606
Updates golang/go#69392
Change-Id: I32da7de9925de3bdea645dcc2ce1c9263941252d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/612875
Reviewed-by: Tatiana Bradley
LUCI-TryBot-Result: Go LUCI
Auto-Submit: Zvonimir Pavlinovic
---
 data/osv/GO-2024-2606.json | 27 +++++++++++++++++++++++++++
 data/reports/GO-2024-2606.yaml | 8 ++++++++
 2 files changed, 35 insertions(+)
diff --git a/data/osv/GO-2024-2606.json b/data/osv/GO-2024-2606.json
index 8a3ffe1f..bbd544d9 100644
--- a/data/osv/GO-2024-2606.json
+++ b/data/osv/GO-2024-2606.json
@@ -99,6 +99,33 @@
 ]
 }
 },
+ {
+ "package": {
+ "name": "github.com/jackc/pgx",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "github.com/jackc/pgx/internal/sanitize",
+ "symbols": [
+ "Query.Sanitize",
+ "SanitizeSQL"
+ ]
+ }
+ ]
+ }
+ },
 {
 "package": {
 "name": "github.com/jackc/pgx/v4",
diff --git a/data/reports/GO-2024-2606.yaml b/data/reports/GO-2024-2606.yaml
index fc5c61d5..e77c3d03 100644
--- a/data/reports/GO-2024-2606.yaml
+++ b/data/reports/GO-2024-2606.yaml
@@ -67,6 +67,14 @@ modules:
 - main
 fix_links:
 - https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007
+ - module: github.com/jackc/pgx
+ vulnerable_at: 3.6.2+incompatible
+ packages:
+ - package: github.com/jackc/pgx/internal/sanitize
+ symbols:
+ - Query.Sanitize
+ derived_symbols:
+ - SanitizeSQL
 - module: github.com/jackc/pgx/v4
 versions:
 - fixed: 4.18.2
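Review bot: The new `github.com/jackc/pgx` module entry in data/reports/GO-2024-2606.yaml has `vulnerable_at: 3.6.2+incompatible` but no `versions:` block, unlike the `github.com/jackc/pgx/v4` entry right after it, which carries `fixed: 4.18.2`. The matching OSV entry in this patch therefore has only `"introduced": "0"` and no `fixed` event, so a scanner reading it will treat every version at that module path as affected and has no upgrade target to report. If that open-ended range is deliberate because no fixed release exists at the un-suffixed path (an inference, the patch does not say), I would state it next to the entry, for example `# no versions: no fixed release known at this module path`, so the missing block is not read as an omission. The `modules:` list begins and continues outside this hunk, so the other entries could not be checked for the same gap.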