DockerCLI/vendor/golang.org/x/crypto/ssh
Sebastiaan van Stijn 1edb10fe30
vendor: bump golang.org/x/crypto bac4c82f6975 (CVE-2020-9283)
full diff: 1d94cc7ab1...bac4c82f69

Version v0.0.0-20200220183623-bac4c82f6975 of golang.org/x/crypto fixes a
vulnerability in the golang.org/x/crypto/ssh package which allowed peers to
cause a panic in SSH servers that accept public keys and in any SSH client.

An attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com public
key, such that the library will panic when trying to verify a signature
with it. Clients can deliver such a public key and signature to any
golang.org/x/crypto/ssh server with a PublicKeyCallback, and servers can
deliver them to any golang.org/x/crypto/ssh client.

This issue was discovered and reported by Alex Gaynor, Fish in a Barrel,
and is tracked as CVE-2020-9283.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-20 21:20:47 +01:00
..
agent vendor github.com/docker/docker to bcaa613d823 2019-04-03 20:57:18 +00:00
internal/bcrypt_pbkdf vendor: golang.org/x/crypto 1d94cc7ab1c630336ab82ccb9c9cda72a875c382 2020-02-19 12:37:32 +01:00
terminal vendor: golang.org/x/crypto 1d94cc7ab1c630336ab82ccb9c9cda72a875c382 2020-02-19 12:37:32 +01:00
test Bump moby version (and its dependencies) 2018-06-08 11:26:10 +02:00
buffer.go build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`) 2018-10-05 19:56:32 +09:00
certs.go vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
channel.go build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`) 2018-10-05 19:56:32 +09:00
cipher.go vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
client.go vendor github.com/docker/docker to bcaa613d823 2019-04-03 20:57:18 +00:00
client_auth.go vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
common.go vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
connection.go build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`) 2018-10-05 19:56:32 +09:00
doc.go build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`) 2018-10-05 19:56:32 +09:00
handshake.go vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
kex.go vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
keys.go vendor: bump golang.org/x/crypto bac4c82f6975 (CVE-2020-9283) 2020-02-20 21:20:47 +01:00
mac.go build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`) 2018-10-05 19:56:32 +09:00
messages.go vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
mux.go build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`) 2018-10-05 19:56:32 +09:00
server.go vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
session.go build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`) 2018-10-05 19:56:32 +09:00
ssh_gss.go vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 (CVE-2020-7919) 2020-01-29 11:25:09 +01:00
streamlocal.go build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`) 2018-10-05 19:56:32 +09:00
tcpip.go build: add SSH agent socket forwarder (`docker build --ssh $SSHMOUNTID=$SSH_AUTH_SOCK`) 2018-10-05 19:56:32 +09:00
transport.go bump golang.org/x/crypto 88737f569e3a9c7ab309cdc09a07fe7fc87233c3 2019-05-13 21:49:19 -07:00