data/reports/GO-2020-0002.yaml - vulndb - Git at Google

 packages:
   - module: github.com/proglottis/gpgme
     versions:
       - fixed: 0.1.1
 description: |
     The Data, Context, or Key finalizers might run during or before GPGME
     operations. This will release the C structures that are still in use, leading
     to crashes and potentially code execution through a use-after-free.
 published: 2021-04-14T20:04:52Z
 cves:
   - CVE-2020-8945
 ghsas:
   - GHSA-m6wg-2mwg-4rfq
 credit: Ulrich Obergfell <uobergfe@redhat.com>
 links:
     pr: https://github.com/proglottis/gpgme/pull/23
     commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733
	packages:
	- module: github.com/proglottis/gpgme
	versions:
	- fixed: 0.1.1
	description: \|
	The Data, Context, or Key finalizers might run during or before GPGME
	operations. This will release the C structures that are still in use, leading
	to crashes and potentially code execution through a use-after-free.
	published: 2021-04-14T20:04:52Z
	cves:
	- CVE-2020-8945
	ghsas:
	- GHSA-m6wg-2mwg-4rfq
	credit: Ulrich Obergfell <uobergfe@redhat.com>
	links:
	pr: https://github.com/proglottis/gpgme/pull/23
	commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733