data/reports: add skip_fix to some cmd reports

tatianab · tatianab · commit c0d4f9126683 · 2023-02-08T20:38:52.000Z
Change-Id: Idafd1f4a261e5c4f95f16f2975a782805ea0793a Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/466661 Run-TryBot: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Tim King <taking@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/data/reports/GO-2022-0177.yaml b/data/reports/GO-2022-0177.yaml
@@ -7,6 +7,8 @@ modules:
     vulnerable_at: 1.9.0
     packages:
       - package: cmd/go
+        skip_fix: 'TODO: revisit this reason (cant request explicit version of standard
+            library package cmd/go)'
 description: |
     The "go get" command allows remote command execution.
 
diff --git a/data/reports/GO-2022-0201.yaml b/data/reports/GO-2022-0201.yaml
@@ -7,6 +7,8 @@ modules:
     vulnerable_at: 1.9.3
     packages:
       - package: cmd/go
+        skip_fix: 'TODO: revisit this reason (cant request explicit version of standard
+            library package cmd/go)'
 description: |
     The "go get" command with cgo is vulnerable to remote command execution
     by leveraging the gcc or clang plugin feature.
diff --git a/data/reports/GO-2022-0203.yaml b/data/reports/GO-2022-0203.yaml
@@ -7,6 +7,8 @@ modules:
     vulnerable_at: 1.10.0
     packages:
       - package: cmd/go
+        skip_fix: 'TODO: revisit this reason (cant request explicit version of standard
+            library package cmd/go)'
 description: |
     The "go get" command is vulnerable to remote code execution.
 
