DockerCLI/vendor/golang.org/x/crypto
Sebastiaan van Stijn 1edb10fe30
vendor: bump golang.org/x/crypto bac4c82f6975 (CVE-2020-9283)
full diff: 1d94cc7ab1...bac4c82f69

Version v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a
vulnerability in the golang.org/x/crypto/ssh package which allowed peers to
cause a panic in SSH servers that accept public keys and in any SSH client.

An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
key, such that the library will panic when trying to verify a signature
with it. Clients can deliver such a public key and signature to any
golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can
deliver them to any golang.org/x/crypto/ssh client.

This issue was discovered and reported by Alex Gaynor, Fish in a Barrel,
and is tracked as CVE-2020-9283.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-20 21:20:47 +01:00
..
blowfish vendor: golang.org/x/crypto 1d94cc7ab1c630336ab82ccb9c9cda72a875c382 2020-02-19 12:37:32 +01:00
chacha20 vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
curve25519 vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
ed25519 vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
internal/subtle vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
otr vendor github.com/docker/docker to bcaa613d823 2019-04-03 20:57:18 +00:00
pbkdf2 vendor: upgrade notary version for docker trust 2017-09-25 09:34:52 -07:00
poly1305 vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
ssh vendor: bump golang.org/x/crypto bac4c82f6975 (CVE-2020-9283) 2020-02-20 21:20:47 +01:00
LICENSE Add vendor 2017-04-17 18:12:58 -04:00
PATENTS Add vendor 2017-04-17 18:12:58 -04:00
README.md revendor logrus and x/crypto 2017-09-29 15:32:42 +02:00
go.mod vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00

README.md

Go Cryptography

This repository holds supplementary Go cryptography libraries.

Download/Install

The easiest way to install is to run go get -u golang.org/x/crypto/.... You can also manually git clone the repository to $GOPATH/src/golang.org/x/crypto.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the crypto repository is located at https://github.com/golang/go/issues. Prefix your issue with "x/crypto:" in the subject line, so it is easy to find.

Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.