reports/GO-2020-0002.yaml - vulndb - Git at Google

 module: github.com/proglottis/gpgme
 versions:
   - fixed: v0.1.1
 description: |
   The Data, Context, or Key finalizers might run during or before GPGME
   operations. This will release the C structures that are still in use, leading
   to crashes and potentially code execution through a use-after-free.
 cves:
   - CVE-2020-8945
 credit: Ulrich Obergfell <uobergfe@redhat.com>
 links:
   pr: https://github.com/proglottis/gpgme/pull/23
   commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733
	module: github.com/proglottis/gpgme
	versions:
	- fixed: v0.1.1
	description: \|
	The Data, Context, or Key finalizers might run during or before GPGME
	operations. This will release the C structures that are still in use, leading
	to crashes and potentially code execution through a use-after-free.
	cves:
	- CVE-2020-8945
	credit: Ulrich Obergfell <uobergfe@redhat.com>
	links:
	pr: https://github.com/proglottis/gpgme/pull/23
	commit: https://github.com/proglottis/gpgme/commit/92153bcb59bd2f511e502262c46c7bd660e21733