[Secure-testing-commits] r51063 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Apr 26 11:55:28 UTC 2017
Author: carnil
Date: 2017-04-26 11:55:28 +0000 (Wed, 26 Apr 2017)
New Revision: 51063
Modified:
data/CVE/list
Log:
CVE-2017-3204/golang-go.crypto fixed in unstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-04-26 09:53:06 UTC (rev 51062)
+++ data/CVE/list 2017-04-26 11:55:28 UTC (rev 51063)
@@ -14685,7 +14685,7 @@
CVE-2017-3205
RESERVED
CVE-2017-3204 (The Go SSH library (x/crypto/ssh) by default does not verify host ...)
- - golang-go.crypto <unfixed> (bug #859655)
+ - golang-go.crypto 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1 (bug #859655)
[jessie] - golang-go.crypto <no-dsa> (In jessie no rdeps using SSH, that version doesn't even support host key validation)
NOTE: https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991
NOTE: https://github.com/golang/go/issues/19767
More information about the Secure-testing-commits
mailing list