data/reports: withdraw 1 report

thatnealpatel · gopherbot · commit ae7b4038537b · 2025-03-26T13:15:20.000-07:00
Fixes #3543 Fixes #3578 Change-Id: I10e84b22911a0350b9f60d6299949a348f908d36 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/661075 Reviewed-by: Damien Neil <dneil@google.com> Commit-Queue: Neal Patel <nealpatel@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Neal Patel <nealpatel@google.com>
diff --git a/data/osv/GO-2025-3543.json b/data/osv/GO-2025-3543.json
@@ -3,11 +3,12 @@
   "id": "GO-2025-3543",
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
+  "withdrawn": "2025-03-26T18:45:50Z",
   "aliases": [
     "CVE-2025-27612"
   ],
-  "summary": "Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc",
-  "details": "Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/opencontainers/runc before v0.5.3.",
+  "summary": "WITHDRAWN: Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc",
+  "details": "(This report has been withdrawn with reason: \"Does not affect Go code.\"). https://nvd.nist.gov/vuln/detail/CVE-2025-27612 lists https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66 which caused automation to flag as Go; the affected repo is https://github.com/youki-dev/youki (Rust).",
   "affected": [
     {
       "package": {
@@ -65,6 +66,6 @@
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2025-3543",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }
diff --git a/data/reports/GO-2025-3543.yaml b/data/reports/GO-2025-3543.yaml
@@ -4,7 +4,16 @@ modules:
       non_go_versions:
         - fixed: 0.5.3
       vulnerable_at: 1.2.6
-summary: Libcontainer is affected by capabilities elevation in github.com/opencontainers/runc
+summary: |-
+    WITHDRAWN: Libcontainer is affected by capabilities elevation in
+    github.com/opencontainers/runc
+description: |-
+    (This report has been withdrawn with reason: "Does not affect Go code.").
+    https://nvd.nist.gov/vuln/detail/CVE-2025-27612 lists
+    https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66
+    which caused automation to flag as Go; the affected repo is
+    https://github.com/youki-dev/youki (Rust).
+withdrawn: "2025-03-26T18:45:50Z"
 cves:
     - CVE-2025-27612
 references:
@@ -16,4 +25,4 @@ references:
 source:
     id: CVE-2025-27612
     created: 2025-03-25T12:08:02.851021-04:00
-review_status: UNREVIEWED
+review_status: REVIEWED
