data/reports: update GO-2024-2606

- data/reports/GO-2024-2606.yaml Updates #2606 Updates golang/go#69392 Change-Id: I32da7de9925de3bdea645dcc2ce1c9263941252d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/612875 Reviewed-by: Tatiana Bradley <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Zvonimir Pavlinovic <[email protected]>
golang · Sep 13, 2024 · e5f3b25 · e5f3b25
1 parent c3f0f4a
commit e5f3b25
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 0 deletions.
diff --git a/data/osv/GO-2024-2606.json b/data/osv/GO-2024-2606.json
@@ -99,6 +99,33 @@
         ]
       }
     },
+    {
+      "package": {
+        "name": "github.com/jackc/pgx",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "github.com/jackc/pgx/internal/sanitize",
+            "symbols": [
+              "Query.Sanitize",
+              "SanitizeSQL"
+            ]
+          }
+        ]
+      }
+    },
     {
       "package": {
         "name": "github.com/jackc/pgx/v4",

diff --git a/data/reports/GO-2024-2606.yaml b/data/reports/GO-2024-2606.yaml
@@ -67,6 +67,14 @@ modules:
             - main
       fix_links:
         - https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007
+    - module: github.com/jackc/pgx
+      vulnerable_at: 3.6.2+incompatible
+      packages:
+        - package: github.com/jackc/pgx/internal/sanitize
+          symbols:
+            - Query.Sanitize
+          derived_symbols:
+            - SanitizeSQL
     - module: github.com/jackc/pgx/v4
       versions:
         - fixed: 4.18.2