DockerCLI/vendor
Sebastiaan van Stijn 1edb10fe30
vendor: bump golang.org/x/crypto bac4c82f6975 (CVE-2020-9283)
full diff: 1d94cc7ab1...bac4c82f69

Version v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a
vulnerability in the golang.org/x/crypto/ssh package which allowed peers to
cause a panic in SSH servers that accept public keys and in any SSH client.

An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
key, such that the library will panic when trying to verify a signature
with it. Clients can deliver such a public key and signature to any
golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can
deliver them to any golang.org/x/crypto/ssh client.

This issue was discovered and reported by Alex Gaynor, Fish in a Barrel,
and is tracked as CVE-2020-9283.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-20 21:20:47 +01:00
..
cloud.google.com/go alias kubernetes api to compose-on-kubernetes implementation 2018-12-28 15:49:17 +01:00
github.com vendor: bump swarmkit 49e35619b18200845c9365c1e953440c28868002 2020-02-12 18:45:30 +01:00
golang.org/x vendor: bump golang.org/x/crypto bac4c82f6975 (CVE-2020-9283) 2020-02-20 21:20:47 +01:00
google.golang.org vendor: bump google.golang.org/grpc v1.23.1 2020-01-07 10:26:47 +01:00
gopkg.in vendor: bump gopkg.in/yaml.v2 v2.2.8 2020-01-28 15:44:12 +01:00
gotest.tools bump LK4D4/vndr v0.0.3 and revendor 2019-05-14 16:13:27 -07:00
k8s.io Bump Compose on Kubernetes 2019-10-30 22:08:14 +01:00
sigs.k8s.io/yaml bump kubernetes to v1.14.0 2019-03-29 09:20:28 +00:00
vbom.ml/util Sort swarm stacks and nodes using natural sorting 2017-07-13 14:33:02 +03:00