data/reports: modify 1 report

thatnealpatel · gopherbot · commit 9901439a58ac · 2025-03-31T10:10:02.000-07:00
Fixes #3442 Fixes #3443 Change-Id: I08596ccbbe8b3f097c975e978ae2495cd9d853f5 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/661095 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Neal Patel <nealpatel@google.com>
diff --git a/data/osv/GO-2025-3443.json b/data/osv/GO-2025-3443.json
@@ -6,8 +6,8 @@
   "aliases": [
     "GHSA-r3r4-g7hq-pq4f"
   ],
-  "summary": "CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts in github.com/cometbft/cometbft",
-  "details": "CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts in github.com/cometbft/cometbft",
+  "summary": "CometBFT allows a malicious peer to stall network by disseminating valid-looking block parts in github.com/cometbft/cometbft",
+  "details": "CometBFT allows a malicious peer to stall network by disseminating valid-looking block parts in github.com/cometbft/cometbft",
   "affected": [
     {
       "package": {
@@ -22,7 +22,7 @@
               "introduced": "0"
             },
             {
-              "fixed": "0.38.16"
+              "fixed": "0.38.17"
             }
           ]
         }
@@ -86,6 +86,6 @@
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2025-3443",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }
diff --git a/data/reports/GO-2025-3443.yaml b/data/reports/GO-2025-3443.yaml
@@ -2,8 +2,8 @@ id: GO-2025-3443
 modules:
     - module: github.com/cometbft/cometbft
       versions:
-        - fixed: 0.38.16
-      vulnerable_at: 0.38.15
+        - fixed: 0.38.17
+      vulnerable_at: 0.38.16
       packages:
         - package: github.com/cometbft/cometbft/types
           symbols:
@@ -21,8 +21,8 @@ modules:
           derived_symbols:
             - PartFromProto
 summary: |-
-    CometBFT allows a malicious peer to stall the network by disseminating seemingly
-    valid block parts in github.com/cometbft/cometbft
+    CometBFT allows a malicious peer to stall network by disseminating
+    valid-looking block parts in github.com/cometbft/cometbft
 ghsas:
     - GHSA-r3r4-g7hq-pq4f
 references:
@@ -32,4 +32,4 @@ references:
 source:
     id: GHSA-r3r4-g7hq-pq4f
     created: 2025-02-04T13:46:41.019336-05:00
-review_status: NEEDS_REVIEW
+review_status: REVIEWED

Original file line number	Diff line number	Diff line change
`@@ -6,8 +6,8 @@`
`6`	`6`	`"aliases": [`
`7`	`7`	`"GHSA-r3r4-g7hq-pq4f"`
`8`	`8`	`],`
`9`		`- "summary": "CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts in github.com/cometbft/cometbft",`
`10`		`- "details": "CometBFT allows a malicious peer to stall the network by disseminating seemingly valid block parts in github.com/cometbft/cometbft",`
	`9`	`+ "summary": "CometBFT allows a malicious peer to stall network by disseminating valid-looking block parts in github.com/cometbft/cometbft",`
	`10`	`+ "details": "CometBFT allows a malicious peer to stall network by disseminating valid-looking block parts in github.com/cometbft/cometbft",`
`11`	`11`	`"affected": [`
`12`	`12`	`{`
`13`	`13`	`"package": {`
`@@ -22,7 +22,7 @@`
`22`	`22`	`"introduced": "0"`
`23`	`23`	`},`
`24`	`24`	`{`
`25`		`- "fixed": "0.38.16"`
	`25`	`+ "fixed": "0.38.17"`
`26`	`26`	`}`
`27`	`27`	`]`
`28`	`28`	`}`
`@@ -86,6 +86,6 @@`
`86`	`86`	`],`
`87`	`87`	`"database_specific": {`
`88`	`88`	`"url": "https://pkg.go.dev/vuln/GO-2025-3443",`
`89`		`- "review_status": "UNREVIEWED"`
	`89`	`+ "review_status": "REVIEWED"`
`90`	`90`	`}`
`91`	`91`	`}`