The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.
[
{
"product": "podman",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "podman 1.6.4-32.el7_9"
}
]
}
]