data/reports: review 7 reports

Review 7 vulns that need REVIEWED reports based on
estimated impact.

  - data/reports/GO-2024-2500.yaml
  - data/reports/GO-2024-2512.yaml
  - data/reports/GO-2024-2572.yaml
  - data/reports/GO-2024-2575.yaml
  - data/reports/GO-2024-2846.yaml
  - data/reports/GO-2024-2913.yaml
  - data/reports/GO-2024-2914.yaml

Fixes #2500
Fixes #2512
Fixes #2572
Fixes #2575
Fixes #2846
Fixes #2913
Fixes #2914

Change-Id: I65341fdb981196e44d09545d84e7b77261a549f3
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/595999
Reviewed-by: Zvonimir Pavlinovic <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>

Author: tatianab

data/osv/GO-2024-2500.json

@@ -28,7 +28,66 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "github.com/docker/docker/daemon",
+            "symbols": [
+              "Daemon.create",
+              "Daemon.setupContainerMountsRoot",
+              "NewDaemon",
+              "setupDaemonRoot"
+            ]
+          },
+          {
+            "path": "github.com/docker/docker/daemon/graphdriver/aufs",
+            "symbols": [
+              "Init"
+            ]
+          },
+          {
+            "path": "github.com/docker/docker/daemon/graphdriver/btrfs",
+            "symbols": [
+              "Driver.Create",
+              "Init"
+            ]
+          },
+          {
+            "path": "github.com/docker/docker/daemon/graphdriver/fuse-overlayfs",
+            "symbols": [
+              "Driver.create",
+              "Init"
+            ]
+          },
+          {
+            "path": "github.com/docker/docker/daemon/graphdriver/overlay",
+            "symbols": [
+              "Driver.Create",
+              "Init"
+            ]
+          },
+          {
+            "path": "github.com/docker/docker/daemon/graphdriver/overlay2",
+            "symbols": [
+              "Driver.create",
+              "Init"
+            ]
+          },
+          {
+            "path": "github.com/docker/docker/daemon/graphdriver/vfs",
+            "symbols": [
+              "Driver.Create",
+              "Init"
+            ]
+          },
+          {
+            "path": "github.com/docker/docker/daemon/graphdriver/zfs",
+            "symbols": [
+              "Init"
+            ]
+          }
+        ]
+      }
     },
     {
       "package": {
@@ -48,37 +107,85 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "github.com/moby/moby/daemon",
+            "symbols": [
+              "Daemon.create",
+              "Daemon.setupContainerMountsRoot",
+              "NewDaemon",
+              "setupDaemonRoot"
+            ]
+          },
+          {
+            "path": "github.com/moby/moby/daemon/graphdriver/aufs",
+            "symbols": [
+              "Init"
+            ]
+          },
+          {
+            "path": "github.com/moby/moby/daemon/graphdriver/btrfs",
+            "symbols": [
+              "Driver.Create",
+              "Init"
+            ]
+          },
+          {
+            "path": "github.com/moby/moby/daemon/graphdriver/fuse-overlayfs",
+            "symbols": [
+              "Driver.create",
+              "Init"
+            ]
+          },
+          {
+            "path": "github.com/moby/moby/daemon/graphdriver/overlay",
+            "symbols": [
+              "Driver.Create",
+              "Init"
+            ]
+          },
+          {
+            "path": "github.com/moby/moby/daemon/graphdriver/overlay2",
+            "symbols": [
+              "Driver.create",
+              "Init"
+            ]
+          },
+          {
+            "path": "github.com/moby/moby/daemon/graphdriver/vfs",
+            "symbols": [
+              "Driver.Create",
+              "Init"
+            ]
+          },
+          {
+            "path": "github.com/moby/moby/daemon/graphdriver/zfs",
+            "symbols": [
+              "Init"
+            ]
+          }
+        ]
+      }
     }
   ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558"
     },
-    {
-      "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41091"
-    },
     {
       "type": "FIX",
       "url": "https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64"
-    },
-    {
-      "type": "WEB",
-      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
-    },
-    {
-      "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB"
-    },
+    }
+  ],
+  "credits": [
     {
-      "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"
+      "name": "Joan Bruguera"
     }
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2024-2500",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }

data/osv/GO-2024-2512.json

@@ -34,7 +34,107 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "github.com/docker/docker/builder/dockerfile"
+          },
+          {
+            "path": "github.com/docker/docker/daemon/containerd",
+            "symbols": [
+              "imageCache.GetCache",
+              "isMatch",
+              "localCache.GetCache"
+            ]
+          },
+          {
+            "path": "github.com/docker/docker/daemon/images",
+            "symbols": [
+              "ImageService.CommitImage",
+              "ImageService.CreateImage"
+            ]
+          },
+          {
+            "path": "github.com/docker/docker/image",
+            "symbols": [
+              "store.IsBuiltLocally",
+              "store.SetBuiltLocally"
+            ]
+          },
+          {
+            "path": "github.com/docker/docker/image/cache",
+            "symbols": [
+              "ImageCache.GetCache",
+              "LocalImageCache.GetCache",
+              "compare",
+              "getLocalCachedImage"
+            ]
+          }
+        ]
+      }
+    },
+    {
+      "package": {
+        "name": "github.com/moby/moby",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "24.0.9+incompatible"
+            },
+            {
+              "introduced": "25.0.0+incompatible"
+            },
+            {
+              "fixed": "25.0.2+incompatible"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "github.com/moby/moby/builder/dockerfile"
+          },
+          {
+            "path": "github.com/moby/moby/daemon/containerd",
+            "symbols": [
+              "imageCache.GetCache",
+              "isMatch",
+              "localCache.GetCache"
+            ]
+          },
+          {
+            "path": "github.com/moby/moby/daemon/images",
+            "symbols": [
+              "ImageService.CommitImage",
+              "ImageService.CreateImage"
+            ]
+          },
+          {
+            "path": "github.com/moby/moby/image",
+            "symbols": [
+              "store.IsBuiltLocally",
+              "store.SetBuiltLocally"
+            ]
+          },
+          {
+            "path": "github.com/moby/moby/image/cache",
+            "symbols": [
+              "ImageCache.GetCache",
+              "LocalImageCache.GetCache",
+              "compare",
+              "getLocalCachedImage"
+            ]
+          }
+        ]
+      }
     }
   ],
   "references": [
@@ -43,20 +143,20 @@
       "url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
     },
     {
-      "type": "WEB",
+      "type": "FIX",
       "url": "https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae"
     },
     {
-      "type": "WEB",
+      "type": "FIX",
       "url": "https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd"
     },
     {
-      "type": "WEB",
+      "type": "FIX",
       "url": "https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff"
     }
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2024-2512",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }

data/osv/GO-2024-2572.json

@@ -6,8 +6,8 @@
   "aliases": [
     "GHSA-4j93-fm92-rp4m"
   ],
-  "summary": "ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module in github.com/cosmos/cosmos-sdk",
-  "details": "ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module in github.com/cosmos/cosmos-sdk",
+  "summary": "Missing BlockedAddressed Validation in Vesting Module in github.com/cosmos/cosmos-sdk",
+  "details": "Missing BlockedAddressed Validation in Vesting Module in github.com/cosmos/cosmos-sdk",
   "affected": [
     {
       "package": {
@@ -33,7 +33,16 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "github.com/cosmos/cosmos-sdk/x/auth/vesting",
+            "symbols": [
+              "msgServer.CreatePeriodicVestingAccount"
+            ]
+          }
+        ]
+      }
     }
   ],
   "references": [
@@ -56,6 +65,6 @@
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2024-2572",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }