UbuntuUpdates.org

Package "golang-go.crypto"

Name: golang-go.crypto

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Supplementary Go cryptography libraries
Latest version: 1:0.0~git20200221.2aa609c-1
Release: focal (20.04)
Level: base
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "golang-go.crypto" in Focal

No other version of this package is available in the Focal release.

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:0.0~git20200221.2aa609c-1 2020-04-14 19:06:39 UTC

  golang-go.crypto (1:0.0~git20200221.2aa609c-1) unstable; urgency=high

  * New upstream version 0.0~git20200221.2aa609c
    - ssh: return an error for malformed ed25519 public keys
      rather than panic (v0.0.0-20200220183623-bac4c82f6975).
      Fixes CVE-2020-9283 (Closes: #952462)
  * Previously uploaded upstream version 0.0~git20190701.4def268 contains:
    - salsa20/salsa: fix keystream loop in amd64 assembly when overflowing
      32-bit counter (commit b7391e9, 2019-03-20). Fixes CVE-2019-11840
    - openpgp/clearsign: reject potentially misleading headers and messages
      (commit c05e17b, 2019-04-24). Fixes CVE-2019-11841
  * debian/gbp.conf: Set debian-branch to debian/sid for DEP-14 conformance
  * Bump Standards-Version to 4.5.0 (no change)
  * debian/copyright: Add Upstream-Contact
  * Remove d/patches/0001-ssh-test-delete-TestInvalidTerminalMode.patch
    which has been applied upstream as commit 9756ffd
  * Build-Depends on dh-golang (>= 1.48~) to prevent
    "no non-test Go files" error in internal/wycheproof during build
  * Add d/patches/0001-skip-wycheproof_test.patch to skip test
    that access the Internet with "go mod download -json"
  * Override dh_auto_install with --no-binaries
    to prevent /usr/bin/acmeprobe from being built

 -- Anthony Fok <email address hidden> Wed, 26 Feb 2020 13:36:38 -0700
952462 Ubuntustudio 12.04 installer has unreadable text
CVE-2020-9283 golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh pack
CVE-2019-11840 An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64
CVE-2019-11841 A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to t


About   -   Send Feedback to @ubuntu_updates