mirror of https://github.com/docker/cli.git
0de84f0190
no changes in vendored files

full diff: https://github.com/golang/crypto/compare/v0.16.0...v0.17.0

from the security mailing:

> Hello gophers,
>
> Version v0.17.0 of golang.org/x/crypto fixes a protocol weakness in the
> golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise
> the integrity of the secure channel before it was established, allowing
> them to prevent transmission of a number of messages immediately after
> the secure channel was established without either side being aware.
>
> The impact of this attack is relatively limited, as it does not compromise
> confidentiality of the channel. Notably this attack would allow an attacker
> to prevent the transmission of the SSH2_MSG_EXT_INFO message, disabling a
> handful of newer security features.
>
> This protocol weakness was also fixed in OpenSSH 9.6.
>
> Thanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr
> University Bochum for reporting this issue.
>
> This is CVE-2023-48795 and Go issue https://go.dev/issue/64784.
>
> Cheers,
> Roland on behalf of the Go team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

||
---|---|---|
.. | ||
dario.cat/mergo | ||
github.com | ||
go.etcd.io/etcd/raft/v3 | ||
go.opentelemetry.io | ||
golang.org/x | ||
google.golang.org | ||
gopkg.in/yaml.v2 | ||
gotest.tools/v3 | ||
tags.cncf.io/container-device-interface | ||
modules.txt |