x/vulndb: potential Go vuln in github.com/docker/docker-credential-helpers: CVE-2019-1020014

[tatianab]

CVE-2019-1020014 references github.com/docker/docker-credential-helpers, which may be a Go module.

Description:
docker-credential-helpers before 0.6.3 has a double free in the List functions.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-1020014
• fix: docker/docker-credential-helpers@1c9f7ed
• web: https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3
• web: https://usn.ubuntu.com/4103-1/
• web: https://usn.ubuntu.com/4103-2/
• web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VVFB6UWUK2GQQN7DVUU6GRRAL637A73/
• Imported by: https://pkg.go.dev/github.com/docker/docker-credential-helpers?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/docker/docker-credential-helpers
      vulnerable_at: 0.8.0
      packages:
        - package: docker-credential-helpers
cves:
    - CVE-2019-1020014
references:
    - fix: https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a
    - web: https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3
    - web: https://usn.ubuntu.com/4103-1/
    - web: https://usn.ubuntu.com/4103-2/
    - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VVFB6UWUK2GQQN7DVUU6GRRAL637A73/

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports