From 002e9e9ff01f775996fec3215a32fa0d060a2f7e Mon Sep 17 00:00:00 2001 From: Tatiana Bradley Date: Mon, 8 Jul 2024 12:35:03 -0400 Subject: [PATCH] data/reports: update 2 reports Add GHSAs for reports we created. - data/reports/GO-2024-2567.yaml - data/reports/GO-2024-2883.yaml Updates golang/vulndb#2567 Updates golang/vulndb#2883 Fixes golang/vulndb#2976 Fixes golang/vulndb#2975 Change-Id: I4c4a975148abd1e81fd75dd2d74c8e9951f568b1 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/597156 LUCI-TryBot-Result: Go LUCI Reviewed-by: Tim King
---
 data/osv/GO-2024-2567.json | 3 +++
 data/osv/GO-2024-2883.json | 3 +++
 data/reports/GO-2024-2567.yaml | 2 ++
 data/reports/GO-2024-2883.yaml | 2 ++
 4 files changed, 10 insertions(+)
diff --git a/data/osv/GO-2024-2567.json b/data/osv/GO-2024-2567.json
index c44d4704..4c61a828 100644
--- a/data/osv/GO-2024-2567.json
+++ b/data/osv/GO-2024-2567.json
@@ -3,6 +3,9 @@
 "id": "GO-2024-2567",
 "modified": "0001-01-01T00:00:00Z",
 "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "GHSA-fqpg-rq76-99pq"
+ ],
 "summary": "Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx",
 "details": "Pipeline can panic when PgConn is busy or closed.",
 "affected": [
diff --git a/data/osv/GO-2024-2883.json b/data/osv/GO-2024-2883.json
index 870aa3e5..0a8d8552 100644
--- a/data/osv/GO-2024-2883.json
+++ b/data/osv/GO-2024-2883.json
@@ -3,6 +3,9 @@
 "id": "GO-2024-2883",
 "modified": "0001-01-01T00:00:00Z",
 "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "GHSA-mh55-gqvf-xfwm"
+ ],
 "summary": "Denial of service via malicious preflight requests in github.com/rs/cors",
 "details": "Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service.",
 "affected": [
diff --git a/data/reports/GO-2024-2567.yaml b/data/reports/GO-2024-2567.yaml
index fccd86b4..6993046a 100644
--- a/data/reports/GO-2024-2567.yaml
+++ b/data/reports/GO-2024-2567.yaml
@@ -11,6 +11,8 @@ modules:
 - Pipeline.Sync
 summary: Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx
 description: Pipeline can panic when PgConn is busy or closed.
+ghsas:
+ - GHSA-fqpg-rq76-99pq
 references:
 - fix: https://github.com/jackc/pgx/commit/dfd198003a03dbb96e4607b0d3a0bb9a7398ccb7
 source:
diff --git a/data/reports/GO-2024-2883.yaml b/data/reports/GO-2024-2883.yaml
index d3aefce1..203a14a0 100644
--- a/data/reports/GO-2024-2883.yaml
+++ b/data/reports/GO-2024-2883.yaml
@@ -24,6 +24,8 @@ description: |- (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attempt to cause a denial of service. +ghsas: + - GHSA-mh55-gqvf-xfwm credits: - '@jub0bs' references: