| Release | Version |
|---|---|
| stretch | 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1 |
| stretch (security) | 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1+deb8u1 |
| buster | 1:0.0~git20181203.505ab14-1 |
| bullseye | 1:0.0~git20201221.eec23a3-1 |
| bookworm | 1:0.0~git20220315.3147a52-1 |
| sid | 1:0.0~git20220315.3147a52-1 |
| Bug | stretch | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2022-27191 | vulnerable | vulnerable | vulnerable | fixed | fixed | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1 ... |
| CVE-2021-43565 | vulnerable (no DSA, postponed) | vulnerable | vulnerable | fixed | fixed | x/crypto/ssh: empty plaintext packet causes panic |
| CVE-2020-9283 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ... |
| CVE-2019-11841 | fixed | vulnerable | fixed | fixed | fixed | A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ... |
| CVE-2019-11840 | fixed | vulnerable | fixed | fixed | fixed | An issue was discovered in supplementary Go cryptography libraries, ak ... |
| Bug | Description |
|---|---|
| CVE-2020-29652 | A nil pointer dereference in the golang.org/x/crypto/ssh component thr ... |
| CVE-2017-3204 | The Go SSH library (x/crypto/ssh) by default does not verify host keys ... |
| DSA / DLA | Description |
|---|---|
| DLA-2402-1 | golang-go.crypto - security update |
| DLA-1920-1 | golang-go.crypto - security update |
| DLA-1840-1 | golang-go.crypto - security update |