From bfcb8f188f34ba8664c2bb47b73ef658ef802c52 Mon Sep 17 00:00:00 2001
From: Tatiana Bradley
Date: Mon, 9 Jan 2023 16:16:33 -0500
Subject: [PATCH] data/reports: add alias and fix symbol in GO-2020-0004.yaml

Adds GHSA and fixes typo in symbol.

Aliases: CVE-2020-36569, GHSA-hrm3-3xm6-x33h

Updates golang/vulndb#4
Fixes golang/vulndb#1227
Updates golang/vulndb#1282

Change-Id: I027596c711959a8704c674a7e377dcb0dca535e6
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/461235
Run-TryBot: Tatiana Bradley
TryBot-Result: Gopher Robot
Reviewed-by: Damien Neil
Reviewed-by: Tatiana Bradley
---
 data/cve/v5/GO-2020-0004.json | 2 +-
 data/osv/GO-2020-0004.json | 7 ++++---
 data/reports/GO-2020-0004.yaml | 7 +++++--
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/data/cve/v5/GO-2020-0004.json b/data/cve/v5/GO-2020-0004.json
index fcdfdc5f..a5b2ccd8 100644
--- a/data/cve/v5/GO-2020-0004.json
+++ b/data/cve/v5/GO-2020-0004.json
@@ -31,7 +31,7 @@
 ],
 "programRoutines": [
 {
- "name": "Auth.ServerHTTP"
+ "name": "Auth.ServeHTTP"
 },
 {
 "name": "Auth.ListenAndServeTLS"
diff --git a/data/osv/GO-2020-0004.json b/data/osv/GO-2020-0004.json
index 9466c77f..129eee9e 100644
--- a/data/osv/GO-2020-0004.json
+++ b/data/osv/GO-2020-0004.json
@@ -3,9 +3,10 @@
 "published": "2021-04-14T20:04:52Z",
 "modified": "0001-01-01T00:00:00Z",
 "aliases": [
- "CVE-2020-36569"
+ "CVE-2020-36569",
+ "GHSA-hrm3-3xm6-x33h"
 ],
- "details": "If any of the ListenAndServe functions are called with an empty token, token authentication is disabled globally for all listeners.\n\nAlso, a minor timing side channel was present allowing attackers with very low latency and able to make a lot of requests to potentially recover the token.",
+ "details": "If any of the ListenAndServe functions are called with an empty token, token authentication is disabled globally for all listeners.\n\nAlso, a minor timing side channel was present allowing attackers with very low latency and able to make many requests to potentially recover the token.",
 "affected": [
 {
 "package": {
@@ -35,7 +36,7 @@
 "symbols": [
 "Auth.ListenAndServe",
 "Auth.ListenAndServeTLS",
- "Auth.ServerHTTP",
+ "Auth.ServeHTTP",
 "ListenAndServe",
 "ListenAndServeTLS"
 ]
diff --git a/data/reports/GO-2020-0004.yaml b/data/reports/GO-2020-0004.yaml
index 4510b314..365c9b9e 100644
--- a/data/reports/GO-2020-0004.yaml
+++ b/data/reports/GO-2020-0004.yaml
@@ -3,10 +3,11 @@ modules:
 versions:
 - introduced: 0.0.0-20160722212129-ac0cc4484ad4
 fixed: 0.0.0-20200131131040-063a3fb69896
+ vulnerable_at: 0.0.0-20190311151057-c2ebbac481bb
 packages:
 - package: github.com/nanobox-io/golang-nanoauth
 symbols:
- - Auth.ServerHTTP
+ - Auth.ServeHTTP
 - Auth.ListenAndServeTLS
 - Auth.ListenAndServe
 derived_symbols:
@@ -17,9 +18,11 @@ description: |
 token authentication is disabled globally for all listeners.
 
 Also, a minor timing side channel was present allowing attackers with
- very low latency and able to make a lot of requests to potentially
+ very low latency and able to make many requests to potentially
 recover the token.
 published: 2021-04-14T20:04:52Z
+ghsas:
+ - GHSA-hrm3-3xm6-x33h
 credit: '@bouk'
 references:
 - fix: https://github.com/nanobox-io/golang-nanoauth/pull/5
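Review bot: The rename to `Auth.ServeHTTP` in the first data/reports hunk fixes the symbol name, but nothing in the change shows that the new name was resolved against the package at the `vulnerable_at` version added in the same hunk (0.0.0-20190311151057-c2ebbac481bb); it is worth confirming the report tooling actually checked the symbol there, since a misspelled symbol presumably matched nothing and symbol-level detection for this report was effectively off until now. The same rename is repeated by hand in the data/cve/v5 and data/osv hunks; if those files are generated from the report, regenerating them after the YAML edit is the safer route so the `derived_symbols` list, which continues past the end of this hunk, cannot drift from the corrected entry point. A one-line comment on the `vulnerable_at` entry would also help future editors, e.g. `# version at which the listed symbols were verified to exist`, hedged as an assumption about this field's role.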