golang / vulndb

[mirror] The Go Vulnerability Database

x/vulndb: potential Go vuln in github.com/edgelesssys/constellation/v2: GHSA-6w5f-5wgr-qjg5 #1622

Status: Closed (closed by GoVulnBot 1 year ago)

GoVulnBot commented 1 year ago

In GitHub Security Advisory GHSA-6w5f-5wgr-qjg5, there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| --- | --- | --- |
| github.com/edgelesssys/constellation/v2 | 2.6.0 | < 2.6.0 |

Cross references:

See doc/triage.md for instructions on how to triage this report.

```yaml
modules:
  - module: github.com/edgelesssys/constellation/v2
    versions:
      - fixed: 2.6.0
    packages:
      - package: github.com/edgelesssys/constellation/v2
description: |+
    ### Impact

    An active attacker could let the boot fail on purpose in the initramfs, dropping the serial console into an emergency shell. This gives attackers with access to the serial console full control over the VM.

    ### Patches

    The issue has been patched in [v2.6.0](https://github.com/edgelesssys/constellation/releases/tag/v2.6.0).

    ### Workarounds

    none

ghsas:
  - GHSA-6w5f-5wgr-qjg5
references:
  - advisory: https://github.com/edgelesssys/constellation/security/advisories/GHSA-6w5f-5wgr-qjg5
  - web: https://github.com/edgelesssys/constellation/releases/tag/v2.6.0
  - advisory: https://github.com/advisories/GHSA-6w5f-5wgr-qjg5
```

gopherbot commented 1 year ago

Change https://go.dev/cl/475915 mentions this issue: data/excluded: batch add GO-2023-1629, GO-2023-1628, GO-2023-1627, GO-2023-1622

gopherbot commented 3 months ago

Change https://go.dev/cl/592759 mentions this issue: data/reports: unexclude 75 reports

gopherbot commented 1 month ago

Change https://go.dev/cl/606783 mentions this issue: data/reports: unexclude 20 reports (3)