github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
12cb1554be
containerd/vendor/golang.org/x/crypto
History
Sebastiaan van Stijn 2002411638
vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 
full diff: 60c769a6c5...69ecbb4d6d

Includes 69ecbb4d6d
(forward-port of 8b5121be2f),
to address CVE-2020-7919:

Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients can
be made to crash by an HTTPS server, while net/http servers that accept client
certificates will recover the panic and are unaffected.
Thanks to Project Wycheproof for providing the test cases that led to the
discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-28 18:46:31 +01:00
..
otr Update x/crypto to 88737f569e3a9c7ab309cdc09a07fe7fc87233c3 2019-04-18 19:01:11 +02:00
ssh vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 2020-01-28 18:46:31 +01:00
go.mod vendor: update golang.org/x/crypto 69ecbb4d6d5dab05e49161c6e77ea40a030884e1 2020-01-28 18:46:31 +01:00
LICENSE Update to cri v1.0.0-rc.0 2018-03-26 22:24:25 +00:00
PATENTS Update to cri v1.0.0-rc.0 2018-03-26 22:24:25 +00:00
README.md Update to cri v1.0.0-rc.0 2018-03-26 22:24:25 +00:00

README.md

Go Cryptography

This repository holds supplementary Go cryptography libraries.

Download/Install

The easiest way to install is to run go get -u golang.org/x/crypto/.... You can also manually git clone the repository to $GOPATH/src/golang.org/x/crypto.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the crypto repository is located at https://github.com/golang/go/issues. Prefix your issue with "x/crypto:" in the subject line, so it is easy to find.

Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.