Improve GHSA-q6gq-997w-f55g

Fidget-Grep · Fidget-Grep · commit 589f2f9b9f7b · 2025-10-13T13:38:15.000-07:00
diff --git a/advisories/github-reviewed/2021/12/GHSA-q6gq-997w-f55g/GHSA-q6gq-997w-f55g.json b/advisories/github-reviewed/2021/12/GHSA-q6gq-997w-f55g/GHSA-q6gq-997w-f55g.json
@@ -6,7 +6,7 @@
   "aliases": [
     "CVE-2020-16845"
   ],
-  "summary": "Infinite loop in xz",
+  "summary": "Infinite loop in Go standard library encoding/binary",
   "details": "Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.",
   "severity": [
     {
@@ -15,25 +15,6 @@
     }
   ],
   "affected": [
-    {
-      "package": {
-        "ecosystem": "Go",
-        "name": "github.com/ulikunitz/xz"
-      },
-      "ranges": [
-        {
-          "type": "ECOSYSTEM",
-          "events": [
-            {
-              "introduced": "0"
-            },
-            {
-              "fixed": "0.5.8"
-            }
-          ]
-        }
-      ]
-    },
     {
       "package": {
         "ecosystem": "Go",
@@ -79,72 +60,60 @@
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16845"
     },
     {
-      "type": "WEB",
-      "url": "https://github.com/ulikunitz/xz/issues/35"
-    },
-    {
-      "type": "WEB",
-      "url": "https://github.com/ulikunitz/xz/commit/69c6093c7b2397b923acf82cb378f55ab2652b9b"
+      "type": "PACKAGE",
+      "url": "https://github.com/golang/go"
     },
     {
       "type": "WEB",
-      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
+      "url": "https://go.dev/issue/40618"
     },
     {
       "type": "WEB",
-      "url": "https://www.debian.org/security/2021/dsa-4848"
+      "url": "https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo"
     },
     {
       "type": "WEB",
-      "url": "https://security.netapp.com/advisory/ntap-20200924-0002"
+      "url": "https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q"
     },
     {
       "type": "WEB",
-      "url": "https://pkg.go.dev/vuln/GO-2021-0142"
+      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html"
     },
     {
       "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4"
+      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html"
     },
     {
       "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O"
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU"
     },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KWRBAH4UZJO3RROQ72SYCUPFCJFA22FO"
     },
     {
       "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6RCFJTMKHY5ICGEM5BUFUEDDGSPJ25XU"
-    },
-    {
-      "type": "WEB",
-      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00038.html"
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TACQFZDPA7AUR6TRZBCX2RGRFSDYLI7O"
     },
     {
       "type": "WEB",
-      "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00037.html"
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WV2VWKFTH4EJGZBZALVUJQJOAQB5MDQ4"
     },
     {
       "type": "WEB",
-      "url": "https://groups.google.com/g/golang-announce/c/NyPIaucMgXo"
+      "url": "https://pkg.go.dev/vuln/GO-2021-0142"
     },
     {
       "type": "WEB",
-      "url": "https://groups.google.com/forum/#!topic/golang-announce/_ulYYcIWg3Q"
+      "url": "https://security.netapp.com/advisory/ntap-20200924-0002"
     },
     {
       "type": "WEB",
-      "url": "https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo"
+      "url": "https://www.debian.org/security/2021/dsa-4848"
     },
     {
       "type": "WEB",
-      "url": "https://go.dev/issue/40618"
-    },
-    {
-      "type": "PACKAGE",
-      "url": "https://github.com/ulikunitz/xz"
+      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
     },
     {
       "type": "WEB",
