Release | Version |
---|---|
bullseye | 1:0.0~git20201221.eec23a3-1 |
bookworm | 1:0.4.0-1 |
trixie | 1:0.25.0-1 |
sid | 1:0.25.0-1 |
Bug | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|
CVE-2023-48795 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | The SSH transport protocol with certain OpenSSH extensions, found in O ... |
CVE-2022-27191 | vulnerable (no DSA) | fixed | fixed | fixed | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1 ... |
CVE-2021-43565 | vulnerable (no DSA) | fixed | fixed | fixed | The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of g ... |
Bug | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|
CVE-2022-30636 | vulnerable | fixed | fixed | fixed | httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token ... |
Bug | Description |
---|---|
CVE-2020-29652 | A nil pointer dereference in the golang.org/x/crypto/ssh component thr ... |
CVE-2020-9283 | golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ... |
CVE-2019-11841 | A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ... |
CVE-2019-11840 | An issue was discovered in the supplementary Go cryptography library, ... |
CVE-2017-3204 | The Go SSH library (x/crypto/ssh) by default does not verify host keys ... |
DSA / DLA | Description |
---|---|
DLA-3455-1 | golang-go.crypto - security update |
DLA-2402-1 | golang-go.crypto - security update |
DLA-1920-1 | golang-go.crypto - security update |
DLA-1840-1 | golang-go.crypto - security update |