data/reports: add vulnerable_at to GO-2021-0105.yaml

Also fixes package name

Aliases: CVE-2020-26265, GHSA-xw37-57qp-9mm4

Updates #105

Change-Id: I0e15f83d189ba546b7961cd9f2ab055908a9b9cf
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/465799
Run-TryBot: Tatiana Bradley <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Tim King <[email protected]>

Author: tatianab

data/osv/GO-2021-0105.json

@@ -32,8 +32,17 @@
       "ecosystem_specific": {
         "imports": [
           {
-            "path": "github.com/ethereum/go-ethereum/core",
+            "path": "github.com/ethereum/go-ethereum/core/state",
             "symbols": [
+              "StateDB.AddBalance",
+              "StateDB.CreateAccount",
+              "StateDB.GetOrNewStateObject",
+              "StateDB.SetBalance",
+              "StateDB.SetCode",
+              "StateDB.SetNonce",
+              "StateDB.SetState",
+              "StateDB.SetStorage",
+              "StateDB.SubBalance",
               "StateDB.createObject"
             ]
           }

data/reports/GO-2021-0105.yaml

@@ -3,11 +3,21 @@ modules:
     versions:
       - introduced: 1.9.4
       - fixed: 1.9.20
+    vulnerable_at: 1.9.20-0.20200821114314-b68929caee77
     packages:
-      - package: github.com/ethereum/go-ethereum/core
+      - package: github.com/ethereum/go-ethereum/core/state
         symbols:
           - StateDB.createObject
-        skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]'
+        derived_symbols:
+          - StateDB.AddBalance
+          - StateDB.CreateAccount
+          - StateDB.GetOrNewStateObject
+          - StateDB.SetBalance
+          - StateDB.SetCode
+          - StateDB.SetNonce
+          - StateDB.SetState
+          - StateDB.SetStorage
+          - StateDB.SubBalance
 description: |
     Due to an incorrect state calculation, a specific set of
     transactions could cause a consensus disagreement,