reports/GO-2020-0027.toml - vuln - Git at Google

 package = "github.com/google/fscrypt/pam"

 description = """
 After dropping and then elevating process privileges euid, guid, and groups
 were not properly restored to their original values, allowing an unprivileged
 user to gain membership in the root group.
 """

 cve = "CVE-2018-6558"

 symbols = ["NewHandle", "SetProcessPrivileges", "Handle.StopAsPamUser"]

 [[versions]]
 fixed = "v0.2.4"

 [[additional_packages]]
 package = "github.com/google/fscrypt/security"
 symbols = ["UserKeyringID"]

 [links]
 commit = "https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b"
 context = ["https://github.com/google/fscrypt/issues/77"]
	package = "github.com/google/fscrypt/pam"

	description = """
	After dropping and then elevating process privileges euid, guid, and groups
	were not properly restored to their original values, allowing an unprivileged
	user to gain membership in the root group.
	"""

	cve = "CVE-2018-6558"

	symbols = ["NewHandle", "SetProcessPrivileges", "Handle.StopAsPamUser"]

	[[versions]]
	fixed = "v0.2.4"

	[[additional_packages]]
	package = "github.com/google/fscrypt/security"
	symbols = ["UserKeyringID"]

	[links]
	commit = "https://github.com/google/fscrypt/commit/3022c1603d968c22f147b4a2c49c4637dd1be91b"
	context = ["https://github.com/google/fscrypt/issues/77"]