Sebastiaan van Stijn 917b44799d vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd ... full diff: 5770296d90...3147a52a75 This version contains a fix for CVE-2022-27191 (not sure if it affects us). From the golang mailing list: Hello gophers, Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements client authentication support for signature algorithms based on SHA-2 for use with existing RSA keys. Previously, a client would fail to authenticate with RSA keys to servers that reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default and—starting today March 15, 2022 for recently uploaded keys. We are providing this announcement as the error (“ssh: unable to authenticate”) might otherwise be difficult to troubleshoot. Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also fixes a potential security issue where an attacker could cause a crash in a golang.org/x/crypto/ssh server under these conditions: - The server has been configured by passing a Signer to ServerConfig.AddHostKey. - The Signer passed to AddHostKey does not also implement AlgorithmSigner. - The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method. Servers that only use Signer implementations provided by the ssh package are unaffected. This is CVE-2022-27191. Alla prossima, Filippo for the Go Security team Signed-off-by: Sebastiaan van Stijn <github@gone.nl>		2022-03-17 13:59:03 +01:00
..
asn1	Update cloudflare/cfssl to 1.3.2	2018-07-04 17:47:22 +02:00
asn1.go	vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd	2022-03-17 13:59:03 +01:00
builder.go	Update golang.org/x/crypto	2019-03-21 16:48:45 +00:00
string.go	vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1	2020-01-29 18:36:06 +01:00