[vulndb] data/reports: narrow down vulnerable versions and symbols in 2 reports

Nicholas Husin (Gerrit)

Dec 15, 2025, 5:25:46 PM
to Neal Patel, Ethan Lee, goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
Attention needed from Ethan Lee and Neal Patel

Nicholas Husin has uploaded the change for review

Nicholas Husin would like Neal Patel and Ethan Lee to review this change.

Commit message

data/reports: narrow down vulnerable versions and symbols in 2 reports

Fixes golang/vulndb#4234
Fixes golang/vulndb#3513
Change-Id: I8069aefe4e3ad94cf8386523e2b63e3251c27235

Change diff

diff --git a/data/osv/GO-2025-3465.json b/data/osv/GO-2025-3465.json
index e1787e4..4515761 100644
--- a/data/osv/GO-2025-3465.json
+++ b/data/osv/GO-2025-3465.json
@@ -46,7 +46,16 @@
]
}
],
- "ecosystem_specific": {}
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "k8s.io/kubernetes/pkg/kubelet/server",
+ "symbols": [
+ "InstallDefaultHandlers"
+ ]
+ }
+ ]
+ }
}
],
"references": [
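Review bot: The new "symbols" array under "imports" names only InstallDefaultHandlers for k8s.io/kubernetes/pkg/kubelet/server. Once a symbol list is present, tools that match at call level stop reporting code that imports the package without reaching that function, so please confirm that no other exported function in this package also reaches the affected Checkpoint API code, and list it here if one does.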
diff --git a/data/osv/GO-2025-3829.json b/data/osv/GO-2025-3829.json
index a084524..9a8d4b6 100644
--- a/data/osv/GO-2025-3829.json
+++ b/data/osv/GO-2025-3829.json
@@ -23,7 +23,7 @@
"introduced": "0"
},
{
- "fixed": "28.0.0+incompatible"
+ "fixed": "25.0.13+incompatible"
}
]
}
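Review bot: With "introduced": "0" as the only other event in this range, changing "fixed" to 25.0.13+incompatible marks every later version as unaffected, including any 26.x and 27.x releases below the previous bound of 28.0.0+incompatible. If 25.0.13 is a backport on the 25.0 line, the range needs a second introduced/fixed pair for the later lines (for example introduced 26.0.0+incompatible, fixed 28.0.0+incompatible) unless those releases were also checked and found fixed.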
diff --git a/data/reports/GO-2025-3465.yaml b/data/reports/GO-2025-3465.yaml
index f9e54e3..4c24682 100644
--- a/data/reports/GO-2025-3465.yaml
+++ b/data/reports/GO-2025-3465.yaml
@@ -10,6 +10,11 @@
- introduced: 1.32.0
- fixed: 1.32.2
vulnerable_at: 1.32.1
+ packages:
+ - package: k8s.io/kubernetes/pkg/kubelet/server
+ symbols:
+ - InstallDefaultHandlers
+ skip_fix: 'reading k8s.io/api/go.mod at revision v0.0.0: unknown revision v0.0.0'
summary: Node Denial of Service via kubelet Checkpoint API in k8s.io/kubernetes
cves:
- CVE-2025-0426
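Review bot: The skip_fix line records that the fix step could not run ('unknown revision v0.0.0'), so the InstallDefaultHandlers entry under symbols appears to have been entered by hand. Add a notes entry or a reference to the upstream fix commit saying how the symbol was identified, so a later reader can re-verify it.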
diff --git a/data/reports/GO-2025-3829.yaml b/data/reports/GO-2025-3829.yaml
index 5dbef95..bf84020 100644
--- a/data/reports/GO-2025-3829.yaml
+++ b/data/reports/GO-2025-3829.yaml
@@ -2,7 +2,7 @@
modules:
- module: github.com/docker/docker
versions:
- - fixed: 28.0.0+incompatible
+ - fixed: 25.0.13+incompatible
summary: Moby firewalld reload removes bridge network isolation in github.com/docker/docker
cves:
- CVE-2025-54410
@@ -11,6 +11,8 @@
references:
- advisory: https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp
- web: https://firewalld.org/documentation/howto/reload-firewalld.html
+notes:
+ - GHSA says version <28.0.0 is affected when initially published. However, since then, version 25.0.13 has since been published. Manual evaluation of the source received when using go get confirmed that the fix is in place.
source:
id: GHSA-4vq8-7jfc-9cvp
created: 2025-08-06T19:54:54.454402776Z
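Review bot: The added notes entry does not say which versions were inspected or whether releases between 25.0.13 and 28.0.0 carry the fix, which is what a reader needs to trust the new fixed bound. State the exact version fetched with go get and the upstream commit or file that was checked; the wording "since then ... has since been published" can also lose one "since".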

Change information

Files:
  • M data/osv/GO-2025-3465.json
  • M data/osv/GO-2025-3829.json
  • M data/reports/GO-2025-3465.yaml
  • M data/reports/GO-2025-3829.yaml
Change size: S
Delta: 4 files changed, 19 insertions(+), 3 deletions(-)

Related details

Attention is currently required from:
  • Ethan Lee
  • Neal Patel
Submit Requirements:
  • requirement is not satisfied: Code-Review
  • requirement is not satisfied: LUCI-Pass
  • requirement satisfied: No-Unresolved-Comments
  • requirement is not satisfied: Review-Enforcement
  • requirement is not satisfied: TryBots-Pass
Gerrit-MessageType: newchange
Gerrit-Project: vulndb
Gerrit-Branch: master
Gerrit-Change-Id: I8069aefe4e3ad94cf8386523e2b63e3251c27235
Gerrit-Change-Number: 730170
Gerrit-PatchSet: 1
Gerrit-Owner: Nicholas Husin <n...@golang.org>
Gerrit-Reviewer: Ethan Lee <etha...@google.com>
Gerrit-Reviewer: Neal Patel <neal...@google.com>
Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
Gerrit-Attention: Neal Patel <neal...@google.com>
Gerrit-Attention: Ethan Lee <etha...@google.com>

Neal Patel (Gerrit)

11:18 AM
to Nicholas Husin, goph...@pubsubhelper.golang.org, Go LUCI, Ethan Lee, golang-co...@googlegroups.com
Attention needed from Ethan Lee and Nicholas Husin

Neal Patel voted Code-Review+2

Code-Review+2

Related details

Attention is currently required from:
  • Ethan Lee
  • Nicholas Husin
Submit Requirements:
  • requirement satisfied: Code-Review
  • requirement satisfied: No-Unresolved-Comments
  • requirement is not satisfied: Review-Enforcement
  • requirement satisfied: TryBots-Pass
Gerrit-MessageType: comment
Gerrit-Project: vulndb
Gerrit-Branch: master
Gerrit-Change-Id: I8069aefe4e3ad94cf8386523e2b63e3251c27235
Gerrit-Change-Number: 730170
Gerrit-PatchSet: 1
Gerrit-Owner: Nicholas Husin <n...@golang.org>
Gerrit-Reviewer: Ethan Lee <etha...@google.com>
Gerrit-Reviewer: Neal Patel <neal...@google.com>
Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
Gerrit-Attention: Nicholas Husin <n...@golang.org>
Gerrit-Attention: Ethan Lee <etha...@google.com>
Gerrit-Comment-Date: Tue, 16 Dec 2025 16:18:20 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes

Ethan Lee (Gerrit)

11:22 AM
to Nicholas Husin, goph...@pubsubhelper.golang.org, Neal Patel, Go LUCI, golang-co...@googlegroups.com
Attention needed from Nicholas Husin

Ethan Lee voted Code-Review+2

Code-Review+2

Related details

Attention is currently required from:
  • Nicholas Husin
Submit Requirements:
  • requirement satisfied: Code-Review
  • requirement satisfied: No-Unresolved-Comments
  • requirement satisfied: Review-Enforcement
  • requirement satisfied: TryBots-Pass
Gerrit-MessageType: comment
Gerrit-Project: vulndb
Gerrit-Branch: master
Gerrit-Change-Id: I8069aefe4e3ad94cf8386523e2b63e3251c27235
Gerrit-Change-Number: 730170
Gerrit-PatchSet: 1
Gerrit-Owner: Nicholas Husin <n...@golang.org>
Gerrit-Reviewer: Ethan Lee <etha...@google.com>
Gerrit-Reviewer: Neal Patel <neal...@google.com>
Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
Gerrit-Attention: Nicholas Husin <n...@golang.org>
Gerrit-Comment-Date: Tue, 16 Dec 2025 16:22:16 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes

Nicholas Husin (Gerrit)

11:23 AM
to goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Ethan Lee, Neal Patel, Go LUCI, golang-co...@googlegroups.com

Nicholas Husin submitted the change

Change information

Commit message:
data/reports: narrow down vulnerable versions and symbols in 2 reports

Fixes golang/vulndb#4234
Fixes golang/vulndb#3513
Change-Id: I8069aefe4e3ad94cf8386523e2b63e3251c27235
Files:
  • M data/osv/GO-2025-3465.json
  • M data/osv/GO-2025-3829.json
  • M data/reports/GO-2025-3465.yaml
  • M data/reports/GO-2025-3829.yaml
Change size: S
Delta: 4 files changed, 19 insertions(+), 3 deletions(-)
Branch: refs/heads/master
Submit Requirements:
  • requirement satisfied: Code-Review (+2 by Neal Patel, +2 by Ethan Lee)
  • requirement satisfied: TryBots-Pass (LUCI-TryBot-Result+1 by Go LUCI)
Gerrit-MessageType: merged
Gerrit-Project: vulndb
Gerrit-Branch: master
Gerrit-Change-Id: I8069aefe4e3ad94cf8386523e2b63e3251c27235
Gerrit-Change-Number: 730170
Gerrit-PatchSet: 2