Guest24897
/
DockerCLI
mirror of https://github.com/docker/cli.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
DockerCLI/vendor/golang.org/x
History
Sebastiaan van Stijn bc2c8d7599
vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd 
full diff: 5770296d90...3147a52a75

This version contains a fix for CVE-2022-27191 (not sure if it affects us).

From the golang mailing list:

    Hello gophers,

    Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements
    client authentication support for signature algorithms based on SHA-2 for use with
    existing RSA keys.

    Previously, a client would fail to authenticate with RSA keys to servers that
    reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default
    and—starting today March 15, 2022 for recently uploaded keys.

    We are providing this announcement as the error (“ssh: unable to authenticate”)
    might otherwise be difficult to troubleshoot.

    Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also
    fixes a potential security issue where an attacker could cause a crash in a
    golang.org/x/crypto/ssh server under these conditions:

    - The server has been configured by passing a Signer to ServerConfig.AddHostKey.
    - The Signer passed to AddHostKey does not also implement AlgorithmSigner.
    - The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.

    Servers that only use Signer implementations provided by the ssh package are
    unaffected. This is CVE-2022-27191.

    Alla prossima,

    Filippo for the Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 		2022-03-17 14:03:33 +01:00
..
crypto vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd 2022-03-17 14:03:33 +01:00
net vendor: golang.org/x/net v0.0.0-20211216030914-fe4d6282115f 2022-03-16 15:21:39 +01:00
sys vendor: golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 2022-03-09 18:17:12 +01:00
term vendor: golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b 2022-03-16 15:24:03 +01:00
text vendor: golang.org/x/text v0.3.7 2022-03-09 18:17:13 +01:00
time vendor: golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac 2022-03-16 15:25:40 +01:00
xerrors vendor: github.com/google/go-cmp v0.5.5 2022-03-01 16:34:33 +01:00