DockerCLI

History

Sebastiaan van Stijn 1edb10fe30 vendor: bump golang.org/x/crypto bac4c82f6975 (CVE-2020-9283) full diff: `1d94cc7ab1...bac4c82f69` Version v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed peers to cause a panic in SSH servers that accept public keys and in any SSH client. An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public key, such that the library will panic when trying to verify a signature with it. Clients can deliver such a public key and signature to any golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can deliver them to any golang.org/x/crypto/ssh client. This issue was discovered and reported by Alex Gaynor, Fish in a Barrel, and is tracked as CVE-2020-9283. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2020-02-20 21:20:47 +01:00
..
x	vendor: bump golang.org/x/crypto bac4c82f6975 (CVE-2020-9283)	2020-02-20 21:20:47 +01:00

Sebastiaan van Stijn 1edb10fe30

vendor: bump golang.org/x/crypto bac4c82f6975 (CVE-2020-9283)

full diff: 1d94cc7ab1...bac4c82f69

Version v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a
vulnerability in the golang.org/x/crypto/ssh package which allowed peers to
cause a panic in SSH servers that accept public keys and in any SSH client.

An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
key, such that the library will panic when trying to verify a signature
with it. Clients can deliver such a public key and signature to any
golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can
deliver them to any golang.org/x/crypto/ssh client.

This issue was discovered and reported by Alex Gaynor, Fish in a Barrel,
and is tracked as CVE-2020-9283.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

2020-02-20 21:20:47 +01:00

x vendor: bump golang.org/x/crypto bac4c82f6975 (CVE-2020-9283) 2020-02-20 21:20:47 +01:00