blob: c658ed46ff9ea6244d48c5e7e2cebdbe2366d9b2 [file] [log] [blame]
packages:
- module: github.com/proglottis/gpgme
versions:
- fixed: 0.1.1
description: |
The Data, Context, or Key finalizers might run during or before GPGME
operations. This will release the C structures that are still in use, leading
to crashes and potentially code execution through a use-after-free.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-8945
ghsas:
- GHSA-m6wg-2mwg-4rfq
credit: Ulrich Obergfell <uobergfe@redhat.com>
links:
pr: https://github.com/proglottis/gpgme/pull/23
commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733