{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":358583814,"defaultBranch":"master","name":"vulndb","ownerLogin":"golang","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2021-04-16T11:56:49.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/4314092?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1710371180.0","currentOid":""},"activityList":{"items":[{"before":"4dfc374b65af63fdee77030c8f364cf15737b7c5","after":"fab13c96e68ad48b9bdd07402fd936a1ad3318ac","ref":"refs/heads/master","pushedAt":"2024-06-10T16:39:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/excluded: add 2 excluded reports\n\n - data/excluded/GO-2024-2686.yaml\n - data/excluded/GO-2024-2708.yaml\n\nFixes golang/vulndb#2686\nFixes golang/vulndb#2708\n\nChange-Id: I27e3a0c5cad74994dcea13a1dce4cdf585650dc4\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/591203\nCommit-Queue: Tatiana Bradley \nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"data/excluded: add 2 excluded reports"}},{"before":"f74ecab81b4efd22da74a07170a1eeefb5ebae2e","after":"4dfc374b65af63fdee77030c8f364cf15737b7c5","ref":"refs/heads/master","pushedAt":"2024-06-10T16:39:09.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/reports: add 9 unreviewed reports\n\nAdds some unreviewed reports that needed small manual edits\nto pass lint checks.\n\n - data/reports/GO-2024-2731.yaml\n - data/reports/GO-2024-2753.yaml\n - data/reports/GO-2024-2768.yaml\n - data/reports/GO-2024-2778.yaml\n - data/reports/GO-2024-2780.yaml\n - data/reports/GO-2024-2784.yaml\n - data/reports/GO-2024-2801.yaml\n - data/reports/GO-2024-2815.yaml\n - data/reports/GO-2024-2858.yaml\n\nFixes golang/vulndb#2731\nFixes golang/vulndb#2753\nFixes golang/vulndb#2768\nFixes golang/vulndb#2778\nFixes golang/vulndb#2780\nFixes golang/vulndb#2784\nFixes golang/vulndb#2801\nFixes golang/vulndb#2815\nFixes golang/vulndb#2858\n\nChange-Id: Iac9abf51e35220e8133a43606b2709e949c9ada3\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/591202\nCommit-Queue: Tatiana Bradley \nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"data/reports: add 9 unreviewed reports"}},{"before":"afddd60f5af06213e5d65adc62c60dd5cee922ed","after":"f74ecab81b4efd22da74a07170a1eeefb5ebae2e","ref":"refs/heads/master","pushedAt":"2024-06-10T16:39:00.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/reports: add 5 unreviewed reports\n\n - data/reports/GO-2024-2612.yaml\n - data/reports/GO-2024-2684.yaml\n - data/reports/GO-2024-2699.yaml\n - data/reports/GO-2024-2776.yaml\n - data/reports/GO-2024-2769.yaml\n\nFixes golang/vulndb#2612\nFixes golang/vulndb#2684\nFixes golang/vulndb#2699\nFixes golang/vulndb#2776\nFixes golang/vulndb#2769\n\nChange-Id: I233aeca23f767773c1238eeec2450617801ae69b\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/591199\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Damien Neil \nCommit-Queue: Tatiana Bradley ","shortMessageHtmlLink":"data/reports: add 5 unreviewed reports"}},{"before":"32ab29ebcee7384a330e11f30265df22324ccf48","after":"afddd60f5af06213e5d65adc62c60dd5cee922ed","ref":"refs/heads/master","pushedAt":"2024-06-10T16:38:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/vulnreport: remove packages and bad URLs for unreviewed reports\n\nWhen creating unreviewed reports, automatically remove references\nthat do not exist.\n\nAlso remove package-level data, as it can cause false-negatives\nif it is not correct.\n\n(For reviewed reports, we preserve these pieces of info as a human\nwill review them and manually determine if they are useful).\n\nChange-Id: I2ff6bde62320d2f56f9d5a67ef438f4cafbaf6e5\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/591200\nLUCI-TryBot-Result: Go LUCI \nCommit-Queue: Tatiana Bradley \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"cmd/vulnreport: remove packages and bad URLs for unreviewed reports"}},{"before":"bb0f94bba9c435cdca664ac4b431471183a74e93","after":"32ab29ebcee7384a330e11f30265df22324ccf48","ref":"refs/heads/master","pushedAt":"2024-06-10T16:38:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/cve5: remove malformed packages in CVE5-to-report\n\nIf a package name doesn't have any slashes, it is probably not useful,\nso remove it when creating a report.\n\nChange-Id: I5ad653f0870853ad992b4162a115b94ce703c2e1\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/591198\nReviewed-by: Damien Neil \nCommit-Queue: Tatiana Bradley \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"internal/cve5: remove malformed packages in CVE5-to-report"}},{"before":"9fdd0f7322c2cf757c1c4e8df059e468ce2cfee7","after":"bb0f94bba9c435cdca664ac4b431471183a74e93","ref":"refs/heads/master","pushedAt":"2024-06-10T16:38:23.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/{cve4,cve5}: keep track of lints that apply to generated test reports\n\nIn test cases, remember the lints that would apply to each generated\nreport. This makes it more clear which reports have errors that would\nneed to be fixed manually in order to submit, and gives us a starting\npoint from which to automatically address these lints.\n\nChange-Id: Ifdf3f60edd7606d87b507c6b6ff147c19ad894a2\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/591197\nCommit-Queue: Tatiana Bradley \nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"internal/{cve4,cve5}: keep track of lints that apply to generated tes…"}},{"before":"eec3f2aed84c431286a7f279e8901bd78309d1ae","after":"9fdd0f7322c2cf757c1c4e8df059e468ce2cfee7","ref":"refs/heads/master","pushedAt":"2024-06-10T16:38:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/cve5: add additional test cases for CVE5-to-report\n\nAdd some more test cases for real CVEs that reveal issues\nwith our report creation process (e.g., preserving package names\nthat are malformed, dropping reference metadata, and being unable\nto recognize a vuln that doesn't actually affect Go.)\n\nThis gives us a starting point from which to fix these issues.\n\n(Note that this CL also updates all the test cases to the latest\navailable CVE content and updates the proxy responses, so there are\nsome updates to test cases unrelated to this change.)\n\nChange-Id: Id4d8c87021b9077f042c0029ec7f1655f871df46\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/591196\nCommit-Queue: Tatiana Bradley \nReviewed-by: Damien Neil \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"internal/cve5: add additional test cases for CVE5-to-report"}},{"before":"f159766da688930a69e8570dca9b5165448c71e4","after":"eec3f2aed84c431286a7f279e8901bd78309d1ae","ref":"refs/heads/master","pushedAt":"2024-06-10T16:38:00.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/vulnreport: update and separate module prioritization code\n\nModify the prioritization algorithm so that it only considers the number\nof reviewed vs. likely-binary reports, instead of comparing the number\nof excluded vs. non-excluded reports. This means that the number of unreviewed\nreports does not (currently) affect the prioritization result.\n\nIn addition, separate the code used to prioritize modules (for vulnreport triage)\ninto its own package so it can be tested in isolation.\n\nAlso add a basic command line tool \"priority\" that can be used to find the\npriority result for a module directly.\n\nChange-Id: Ic7ebe76d8f5091f56bc3eb65a5064391136b2064\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/591195\nLUCI-TryBot-Result: Go LUCI \nCommit-Queue: Tatiana Bradley \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"cmd/vulnreport: update and separate module prioritization code"}},{"before":"e7cc6860cca86c76e8c5ddf1fb366e3ced60d23f","after":"f159766da688930a69e8570dca9b5165448c71e4","ref":"refs/heads/master","pushedAt":"2024-06-10T16:19:37.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/vulnreport: add command vulnreport regen\n\nCommand vulnreport regen regenerates a report based on\nthe latest version of the source.\n\nIntended for UNREVIEWED reports.\n\nUse the following command to regenerate all unreviewed\nreports:\n$ vulnreport regen data/reports/*.yaml\n\nChange-Id: I3f956fde473b8375bd523049118d8f6817aad9ae\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590856\nReviewed-by: Damien Neil \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"cmd/vulnreport: add command vulnreport regen"}},{"before":"4a8a19ffff1308666df97dfab38aeef3d8356b0a","after":"e7cc6860cca86c76e8c5ddf1fb366e3ced60d23f","ref":"refs/heads/master","pushedAt":"2024-06-07T22:49:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/pkgsite: fix worker bug by relaxing rate limit\n\nThe vulndb worker was timing out due to a restrictive rate limit\nfor requests to pkgsite. Relax this rate limit as a quick fix.\n\nChange-Id: I1938c0e4182c476ac8d9472283534ace5681706a\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/591435\nAuto-Submit: Tatiana Bradley \nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"internal/pkgsite: fix worker bug by relaxing rate limit"}},{"before":"f538f3837abad0c84cca201fa603cec76ceda149","after":"4a8a19ffff1308666df97dfab38aeef3d8356b0a","ref":"refs/heads/master","pushedAt":"2024-06-06T19:03:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/worker: fix an issue where worker won't restart\n\nFix a case where the worker refuses to restart if it thinks\n(incorrectly) that a previous update has not yet finished. (Because\nthe previous update errored).\n\nDo this by populating the EndedAt field of the UpdateRecord in\ncveUpdater.update on error as well as success.\n\nChange-Id: Ibc98f23b51da21397612479d539dfefe906acb8c\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/589996\nReviewed-by: Damien Neil \nLUCI-TryBot-Result: Go LUCI \nAuto-Submit: Tatiana Bradley ","shortMessageHtmlLink":"internal/worker: fix an issue where worker won't restart"}},{"before":"c016f634dd968377193c8faf62f23f5500d455b4","after":"f538f3837abad0c84cca201fa603cec76ceda149","ref":"refs/heads/master","pushedAt":"2024-06-05T20:01:21.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/excluded: add 20 excluded reports\n\n - data/excluded/GO-2024-2884.yaml\n - data/excluded/GO-2024-2841.yaml\n - data/excluded/GO-2024-2840.yaml\n - data/excluded/GO-2024-2839.yaml\n - data/excluded/GO-2024-2838.yaml\n - data/excluded/GO-2024-2837.yaml\n - data/excluded/GO-2024-2835.yaml\n - data/excluded/GO-2024-2810.yaml\n - data/excluded/GO-2024-2805.yaml\n - data/excluded/GO-2024-2802.yaml\n - data/excluded/GO-2024-2767.yaml\n - data/excluded/GO-2024-2758.yaml\n - data/excluded/GO-2024-2742.yaml\n - data/excluded/GO-2024-2735.yaml\n - data/excluded/GO-2024-2733.yaml\n - data/excluded/GO-2024-2713.yaml\n - data/excluded/GO-2024-2711.yaml\n - data/excluded/GO-2024-2710.yaml\n - data/excluded/GO-2024-2573.yaml\n - data/excluded/GO-2024-2570.yaml\n\nFixes golang/vulndb#2884\nFixes golang/vulndb#2841\nFixes golang/vulndb#2840\nFixes golang/vulndb#2839\nFixes golang/vulndb#2838\nFixes golang/vulndb#2837\nFixes golang/vulndb#2835\nFixes golang/vulndb#2810\nFixes golang/vulndb#2805\nFixes golang/vulndb#2802\nFixes golang/vulndb#2767\nFixes golang/vulndb#2758\nFixes golang/vulndb#2742\nFixes golang/vulndb#2735\nFixes golang/vulndb#2733\nFixes golang/vulndb#2713\nFixes golang/vulndb#2711\nFixes golang/vulndb#2710\nFixes golang/vulndb#2573\nFixes golang/vulndb#2570\n\nChange-Id: Ib24b58abdf8d6793d3a0c066bed8f165d5f1eb28\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590855\nAuto-Submit: Tatiana Bradley \nReviewed-by: Damien Neil \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"data/excluded: add 20 excluded reports"}},{"before":"b19524065170472dcc572e17fdbf673c3ce77457","after":"c016f634dd968377193c8faf62f23f5500d455b4","ref":"refs/heads/master","pushedAt":"2024-06-05T17:18:44.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/vulnreport: fix two issues with triage\n\n1. Don't remove existing labels when triaging\n2. Skip issues already marked excluded when triaging\n\nChange-Id: I5e3fd3a614f56407d75c920202937b4534fe15c9\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590776\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Zvonimir Pavlinovic ","shortMessageHtmlLink":"cmd/vulnreport: fix two issues with triage"}},{"before":"4e76d8778ef39729f6d6bda0ecbf7b70347eb0dd","after":"b19524065170472dcc572e17fdbf673c3ce77457","ref":"refs/heads/master","pushedAt":"2024-06-05T16:17:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/reports: update GO-2024-2732\n\nfix spelling\n\n - data/reports/GO-2024-2732.yaml\n\nUpdates golang/vulndb#2732\n\nChange-Id: I04e15bf95cdf87b5cc22923a02ea3a2d8d503444\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590775\nLUCI-TryBot-Result: Go LUCI \nAuto-Submit: Tatiana Bradley \nReviewed-by: Zvonimir Pavlinovic ","shortMessageHtmlLink":"data/reports: update GO-2024-2732"}},{"before":"7ecfe86a75ed8e1333567f762b0d471a490200c8","after":"4e76d8778ef39729f6d6bda0ecbf7b70347eb0dd","ref":"refs/heads/master","pushedAt":"2024-06-05T15:11:19.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/excluded: add 3 excluded reports\n\n - data/excluded/GO-2024-2685.yaml\n - data/excluded/GO-2024-2786.yaml\n - data/excluded/GO-2024-2787.yaml\n\nFixes golang/vulndb#2685\nFixes golang/vulndb#2786\nFixes golang/vulndb#2787\n\nChange-Id: Iafa5b71e7328997d4e98abd72014e3a21c34e5b1\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590282\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"data/excluded: add 3 excluded reports"}},{"before":"8ed6db9e9907ecc5f1efb6ec03ded56ac4299287","after":"7ecfe86a75ed8e1333567f762b0d471a490200c8","ref":"refs/heads/master","pushedAt":"2024-06-05T15:11:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/reports: add 6 unreviewed reports\n\n - data/reports/GO-2024-2755.yaml\n - data/reports/GO-2024-2759.yaml\n - data/reports/GO-2024-2770.yaml\n - data/reports/GO-2024-2775.yaml\n - data/reports/GO-2024-2777.yaml\n - data/reports/GO-2024-2783.yaml\n\nFixes golang/vulndb#2755\nFixes golang/vulndb#2759\nFixes golang/vulndb#2770\nFixes golang/vulndb#2775\nFixes golang/vulndb#2777\nFixes golang/vulndb#2783\n\nChange-Id: I388fd39e45ecb629bb8c72818b9082fdc6af4d65\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590281\nReviewed-by: Damien Neil \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"data/reports: add 6 unreviewed reports"}},{"before":"69991d5f635b35f850a5e46f8c61c4a991a39fff","after":"8ed6db9e9907ecc5f1efb6ec03ded56ac4299287","ref":"refs/heads/master","pushedAt":"2024-06-05T15:10:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/reports: add 44 unreviewed reports\n\n - data/reports/GO-2024-2576.yaml\n - data/reports/GO-2024-2695.yaml\n - data/reports/GO-2024-2737.yaml\n - data/reports/GO-2024-2795.yaml\n - data/reports/GO-2024-2799.yaml\n - data/reports/GO-2024-2715.yaml\n - data/reports/GO-2024-2798.yaml\n - data/reports/GO-2024-2793.yaml\n - data/reports/GO-2024-2705.yaml\n - data/reports/GO-2024-2808.yaml\n - data/reports/GO-2024-2875.yaml\n - data/reports/GO-2024-2635.yaml\n - data/reports/GO-2024-2707.yaml\n - data/reports/GO-2024-2797.yaml\n - data/reports/GO-2024-2726.yaml\n - data/reports/GO-2024-2650.yaml\n - data/reports/GO-2024-2698.yaml\n - data/reports/GO-2024-2760.yaml\n - data/reports/GO-2024-2788.yaml\n - data/reports/GO-2024-2629.yaml\n - data/reports/GO-2024-2771.yaml\n - data/reports/GO-2024-2794.yaml\n - data/reports/GO-2024-2637.yaml\n - data/reports/GO-2024-2734.yaml\n - data/reports/GO-2024-2764.yaml\n - data/reports/GO-2024-2762.yaml\n - data/reports/GO-2024-2566.yaml\n - data/reports/GO-2024-2789.yaml\n - data/reports/GO-2024-2664.yaml\n - data/reports/GO-2024-2688.yaml\n - data/reports/GO-2024-2697.yaml\n - data/reports/GO-2024-2719.yaml\n - data/reports/GO-2024-2718.yaml\n - data/reports/GO-2024-2468.yaml\n - data/reports/GO-2024-2717.yaml\n - data/reports/GO-2024-2761.yaml\n - data/reports/GO-2024-2796.yaml\n - data/reports/GO-2024-2706.yaml\n - data/reports/GO-2024-2722.yaml\n - data/reports/GO-2024-2665.yaml\n - data/reports/GO-2024-2750.yaml\n - data/reports/GO-2024-2809.yaml\n - data/reports/GO-2024-2696.yaml\n - data/reports/GO-2024-2732.yaml\n\nFixes golang/vulndb#2576\nFixes golang/vulndb#2695\nFixes golang/vulndb#2737\nFixes golang/vulndb#2795\nFixes golang/vulndb#2799\nFixes golang/vulndb#2715\nFixes golang/vulndb#2798\nFixes golang/vulndb#2793\nFixes golang/vulndb#2705\nFixes golang/vulndb#2808\nFixes golang/vulndb#2875\nFixes golang/vulndb#2635\nFixes golang/vulndb#2707\nFixes golang/vulndb#2797\nFixes golang/vulndb#2726\nFixes golang/vulndb#2650\nFixes golang/vulndb#2698\nFixes golang/vulndb#2760\nFixes golang/vulndb#2788\nFixes golang/vulndb#2629\nFixes golang/vulndb#2771\nFixes golang/vulndb#2794\nFixes golang/vulndb#2637\nFixes golang/vulndb#2734\nFixes golang/vulndb#2764\nFixes golang/vulndb#2762\nFixes golang/vulndb#2566\nFixes golang/vulndb#2789\nFixes golang/vulndb#2664\nFixes golang/vulndb#2688\nFixes golang/vulndb#2697\nFixes golang/vulndb#2719\nFixes golang/vulndb#2718\nFixes golang/vulndb#2468\nFixes golang/vulndb#2717\nFixes golang/vulndb#2761\nFixes golang/vulndb#2796\nFixes golang/vulndb#2706\nFixes golang/vulndb#2722\nFixes golang/vulndb#2665\nFixes golang/vulndb#2750\nFixes golang/vulndb#2809\nFixes golang/vulndb#2696\nFixes golang/vulndb#2732\n\nChange-Id: I8f664cb56ccc1fbce1437179178f78fa3825a1c5\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590278\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"data/reports: add 44 unreviewed reports"}},{"before":"922b5d431313dfc36484b2bde4521c3b3af3c979","after":"69991d5f635b35f850a5e46f8c61c4a991a39fff","ref":"refs/heads/master","pushedAt":"2024-06-05T15:10:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/reports: add 26 unreviewed reports\n\n - data/reports/GO-2024-2804.yaml\n - data/reports/GO-2024-2811.yaml\n - data/reports/GO-2024-2816.yaml\n - data/reports/GO-2024-2817.yaml\n - data/reports/GO-2024-2843.yaml\n - data/reports/GO-2024-2844.yaml\n - data/reports/GO-2024-2847.yaml\n - data/reports/GO-2024-2848.yaml\n - data/reports/GO-2024-2849.yaml\n - data/reports/GO-2024-2850.yaml\n - data/reports/GO-2024-2851.yaml\n - data/reports/GO-2024-2852.yaml\n - data/reports/GO-2024-2854.yaml\n - data/reports/GO-2024-2855.yaml\n - data/reports/GO-2024-2856.yaml\n - data/reports/GO-2024-2857.yaml\n - data/reports/GO-2024-2865.yaml\n - data/reports/GO-2024-2866.yaml\n - data/reports/GO-2024-2867.yaml\n - data/reports/GO-2024-2871.yaml\n - data/reports/GO-2024-2872.yaml\n - data/reports/GO-2024-2877.yaml\n - data/reports/GO-2024-2880.yaml\n - data/reports/GO-2024-2882.yaml\n - data/reports/GO-2024-2885.yaml\n - data/reports/GO-2024-2886.yaml\n\nFixes golang/vulndb#2804\nFixes golang/vulndb#2811\nFixes golang/vulndb#2816\nFixes golang/vulndb#2817\nFixes golang/vulndb#2843\nFixes golang/vulndb#2844\nFixes golang/vulndb#2847\nFixes golang/vulndb#2848\nFixes golang/vulndb#2849\nFixes golang/vulndb#2850\nFixes golang/vulndb#2851\nFixes golang/vulndb#2852\nFixes golang/vulndb#2854\nFixes golang/vulndb#2855\nFixes golang/vulndb#2856\nFixes golang/vulndb#2857\nFixes golang/vulndb#2865\nFixes golang/vulndb#2866\nFixes golang/vulndb#2867\nFixes golang/vulndb#2871\nFixes golang/vulndb#2872\nFixes golang/vulndb#2877\nFixes golang/vulndb#2880\nFixes golang/vulndb#2882\nFixes golang/vulndb#2885\nFixes golang/vulndb#2886\n\nChange-Id: Ia746865818b99c2d6bd37b287461693a53b892d8\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590277\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"data/reports: add 26 unreviewed reports"}},{"before":"2b1dca0b1c3619c4709a5e3d3bcc066a78d8ad9f","after":"922b5d431313dfc36484b2bde4521c3b3af3c979","ref":"refs/heads/master","pushedAt":"2024-06-05T15:10:03.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"all_test: allow duplicate summaries for unreviewed reports\n\nModify the corpus-wide report lint check to allow unreviewed reports\nto have the same summary as other (reviewed or unreviwed) reports.\n\nReviewed reports must still have unique summaries (but may share a summary\nwith one or more unreviewed reports).\n\nChange-Id: I8ab4fc259e019c0fb529ed0ef332cc9cfe634483\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590279\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"all_test: allow duplicate summaries for unreviewed reports"}},{"before":"5e320d4472b2fadd5e75fb77c683d7b127d35bcf","after":"2b1dca0b1c3619c4709a5e3d3bcc066a78d8ad9f","ref":"refs/heads/master","pushedAt":"2024-06-04T22:49:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/reports: add 2 stdlib reports\n\n - data/reports/GO-2024-2887.yaml\n - data/reports/GO-2024-2888.yaml\n\nUpdates golang/vulndb#2887\nUpdates golang/vulndb#2888\n\nChange-Id: I86227776f185481f018c28d798b2cde4ce02faa1\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590655\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Damien Neil \nAuto-Submit: Tatiana Bradley ","shortMessageHtmlLink":"data/reports: add 2 stdlib reports"}},{"before":"a79df1ecd0cb2eac7de84e5aefa5e61a7b5d1fd4","after":"5e320d4472b2fadd5e75fb77c683d7b127d35bcf","ref":"refs/heads/master","pushedAt":"2024-06-04T20:20:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: I46082ab056d3f219438727b4ca5f92e018f4904c\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590458\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Than McIntosh \nReviewed-by: Dmitri Shuralyov \nAuto-Submit: Gopher Robot ","shortMessageHtmlLink":"go.mod: update golang.org/x dependencies"}},{"before":"27393c79fa19aee106535d946c6afe83b1531a95","after":"a79df1ecd0cb2eac7de84e5aefa5e61a7b5d1fd4","ref":"refs/heads/master","pushedAt":"2024-06-04T18:05:47.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/worker: improve tests for cve update\n\nAdd tests to check contents of the update record and for error\ncases. This is to prep for a change to this function's behavior.\n\nChange-Id: I9380f661725aa4a50db0691906d3d6a5a925f8d1\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/589995\nLUCI-TryBot-Result: Go LUCI \nAuto-Submit: Tatiana Bradley \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"internal/worker: improve tests for cve update"}},{"before":"a78aa7f94fcde55cb49eb443f0a11d1c515b7176","after":"27393c79fa19aee106535d946c6afe83b1531a95","ref":"refs/heads/master","pushedAt":"2024-06-04T16:32:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/reports: update GO-2024-2727\n\n - data/reports/GO-2024-2727.yaml\n\nUpdates golang/vulndb#2727\n\nChange-Id: I3e97285dd3613c9016fa85e3303125d151052408\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590275\nReviewed-by: Maceo Thompson \nLUCI-TryBot-Result: Go LUCI \nAuto-Submit: Tatiana Bradley ","shortMessageHtmlLink":"data/reports: update GO-2024-2727"}},{"before":"96f0f48a7e730dbffce8767252da4ae4fca1da56","after":"a78aa7f94fcde55cb49eb443f0a11d1c515b7176","ref":"refs/heads/master","pushedAt":"2024-06-04T16:09:53.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/reports: update GO-2024-2727\n\nFix misspelling which is blocking deploy.\n\n - data/reports/GO-2024-2727.yaml\n\nUpdates golang/vulndb#2727\n\nChange-Id: Idb651a01f3109b6ca6262a01f3e2616234d068d7\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590255\nAuto-Submit: Tatiana Bradley \nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Maceo Thompson ","shortMessageHtmlLink":"data/reports: update GO-2024-2727"}},{"before":"c3c93c09d39bfbbbe6813c28e0fcca8bc74cae17","after":"96f0f48a7e730dbffce8767252da4ae4fca1da56","ref":"refs/heads/master","pushedAt":"2024-06-04T15:19:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"data/reports: add 51 unreviewed reports\n\nAdd 51 completely auto-generated reports.\n\n - data/reports/GO-2024-2647.yaml\n - data/reports/GO-2024-2728.yaml\n - data/reports/GO-2024-2568.yaml\n - data/reports/GO-2024-2569.yaml\n - data/reports/GO-2024-2597.yaml\n - data/reports/GO-2024-2756.yaml\n - data/reports/GO-2024-2765.yaml\n - data/reports/GO-2024-2853.yaml\n - data/reports/GO-2024-2860.yaml\n - data/reports/GO-2024-2785.yaml\n - data/reports/GO-2024-2579.yaml\n - data/reports/GO-2024-2747.yaml\n - data/reports/GO-2024-2645.yaml\n - data/reports/GO-2024-2723.yaml\n - data/reports/GO-2024-2690.yaml\n - data/reports/GO-2024-2766.yaml\n - data/reports/GO-2024-2863.yaml\n - data/reports/GO-2024-2641.yaml\n - data/reports/GO-2024-2754.yaml\n - data/reports/GO-2024-2846.yaml\n - data/reports/GO-2024-2580.yaml\n - data/reports/GO-2024-2791.yaml\n - data/reports/GO-2024-2859.yaml\n - data/reports/GO-2024-2752.yaml\n - data/reports/GO-2024-2779.yaml\n - data/reports/GO-2024-2636.yaml\n - data/reports/GO-2024-2675.yaml\n - data/reports/GO-2024-2727.yaml\n - data/reports/GO-2024-2689.yaml\n - data/reports/GO-2024-2803.yaml\n - data/reports/GO-2024-2648.yaml\n - data/reports/GO-2024-2792.yaml\n - data/reports/GO-2024-2861.yaml\n - data/reports/GO-2024-2644.yaml\n - data/reports/GO-2024-2741.yaml\n - data/reports/GO-2024-2692.yaml\n - data/reports/GO-2024-2575.yaml\n - data/reports/GO-2024-2729.yaml\n - data/reports/GO-2024-2757.yaml\n - data/reports/GO-2024-2649.yaml\n - data/reports/GO-2024-2763.yaml\n - data/reports/GO-2024-2703.yaml\n - data/reports/GO-2024-2716.yaml\n - data/reports/GO-2024-2642.yaml\n - data/reports/GO-2024-2704.yaml\n - data/reports/GO-2024-2578.yaml\n - data/reports/GO-2024-2814.yaml\n - data/reports/GO-2024-2581.yaml\n - data/reports/GO-2024-2836.yaml\n - data/reports/GO-2024-2701.yaml\n - data/reports/GO-2024-2746.yaml\n\nFixes golang/vulndb#2647\nFixes golang/vulndb#2728\nFixes golang/vulndb#2568\nFixes golang/vulndb#2569\nFixes golang/vulndb#2597\nFixes golang/vulndb#2756\nFixes golang/vulndb#2765\nFixes golang/vulndb#2853\nFixes golang/vulndb#2860\nFixes golang/vulndb#2785\nFixes golang/vulndb#2579\nFixes golang/vulndb#2747\nFixes golang/vulndb#2645\nFixes golang/vulndb#2723\nFixes golang/vulndb#2690\nFixes golang/vulndb#2766\nFixes golang/vulndb#2863\nFixes golang/vulndb#2641\nFixes golang/vulndb#2754\nFixes golang/vulndb#2846\nFixes golang/vulndb#2580\nFixes golang/vulndb#2791\nFixes golang/vulndb#2859\nFixes golang/vulndb#2752\nFixes golang/vulndb#2779\nFixes golang/vulndb#2636\nFixes golang/vulndb#2675\nFixes golang/vulndb#2727\nFixes golang/vulndb#2689\nFixes golang/vulndb#2803\nFixes golang/vulndb#2648\nFixes golang/vulndb#2792\nFixes golang/vulndb#2861\nFixes golang/vulndb#2644\nFixes golang/vulndb#2741\nFixes golang/vulndb#2692\nFixes golang/vulndb#2575\nFixes golang/vulndb#2729\nFixes golang/vulndb#2757\nFixes golang/vulndb#2649\nFixes golang/vulndb#2763\nFixes golang/vulndb#2703\nFixes golang/vulndb#2716\nFixes golang/vulndb#2642\nFixes golang/vulndb#2704\nFixes golang/vulndb#2578\nFixes golang/vulndb#2814\nFixes golang/vulndb#2581\nFixes golang/vulndb#2836\nFixes golang/vulndb#2701\nFixes golang/vulndb#2746\n\nChange-Id: I0a5da056b5ccdc1125855a24e7fd6228a2f6d326\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590039\nCommit-Queue: Tatiana Bradley \nAuto-Submit: Tatiana Bradley \nReviewed-by: Damien Neil \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"data/reports: add 51 unreviewed reports"}},{"before":"f714a152491c1496df7a34f5b49b11615b697bd9","after":"c3c93c09d39bfbbbe6813c28e0fcca8bc74cae17","ref":"refs/heads/master","pushedAt":"2024-06-03T22:38:10.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/vulnreport: remove return value from xref\n\nRemove error return value from xref, which always returns nil.\n\n(Caught by unparam and blocking deploy of vulndb)\n\nChange-Id: I4c9423f0d333d7beb9422ee558ed83f3dd99aebf\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590115\nReviewed-by: Damien Neil \nAuto-Submit: Tatiana Bradley \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"cmd/vulnreport: remove return value from xref"}},{"before":"b1733dedf4ea2ba799e4a16aeefce23df642e3db","after":"f714a152491c1496df7a34f5b49b11615b697bd9","ref":"refs/heads/master","pushedAt":"2024-06-03T20:52:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/vulnreport: refactor commands to unify processing logs\n\nChange-Id: Iffac3dec16c30c3384ab59955a4d5e53f6a6fbfe\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590037\nReviewed-by: Damien Neil \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"cmd/vulnreport: refactor commands to unify processing logs"}},{"before":"31e9628156f35a521c46472da1e6fa56b8e99fb4","after":"b1733dedf4ea2ba799e4a16aeefce23df642e3db","ref":"refs/heads/master","pushedAt":"2024-06-03T20:51:55.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/vulnreport: delete unused command vulnreport duplicates\n\nChange-Id: I78ccf562b43bfe372a21452afb0312efd6948ca9\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590036\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"cmd/vulnreport: delete unused command vulnreport duplicates"}},{"before":"7aa642d2809fe48c0fc8dd389cdc65452c178abd","after":"31e9628156f35a521c46472da1e6fa56b8e99fb4","ref":"refs/heads/master","pushedAt":"2024-06-03T20:51:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/vulnreport: add no-arg version of vulnreport commit\n\nWith no arguments, \"vulnreport commit\" now individually commits all\nreports that have been added/changed (according to git status).\n(To commit them all as a single commit, use \"vulnreport -batch commit\").\n\nThe flag \"-status=\" can additionally be used\nto only commit reports with a certain review status.\n\nChange-Id: I4efb4e866166b6153d556409408021dc861656fb\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/590035\nReviewed-by: Damien Neil \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"cmd/vulnreport: add no-arg version of vulnreport commit"}},{"before":"a9204e253a7a6b8bd342c2e755c47529600255ed","after":"7aa642d2809fe48c0fc8dd389cdc65452c178abd","ref":"refs/heads/master","pushedAt":"2024-06-03T20:51:38.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/vulnreport: add a check for basic reference URL existence\n\nAdds a check to \"vulnreport fix\" that errors if any URLs in the\n\"references\" section return an error or status 404 on HTTP HEAD.\nWe don't check for other status codes yet.\n\nAn experiment to error on all non-200 status codes brought up some\nambiguous cases where the link is still viewable in a browser, e.g.:\n - 429 Too Many Requests (https://vuldb.com/?id.256304)\n - 503 Service Unavailable (http://blog.recurity-labs.com/2017-08-10/scm-vulns):\n - 403 Forbidden (https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html)\n\nFor now, this is a fix check and not a lint check, meaning it only\napplies to new reports, and can technically be ignored (by manually\ncreating a CL that adds the report).\n\nThis CL also deletes existing URLs in the corpus that don't exist\naccording to this check.\n\nChange-Id: Id14fb79fc2f2c2d4c8145fdc88d11aa33708c94b\nReviewed-on: https://go-review.googlesource.com/c/vulndb/+/588761\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Damien Neil ","shortMessageHtmlLink":"cmd/vulnreport: add a check for basic reference URL existence"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEYVg_HQA","startCursor":null,"endCursor":null}},"title":"Activity · golang/vulndb"}