|author||Roland Shoemaker <firstname.lastname@example.org>||Wed Dec 16 10:17:34 2020 -0800|
|committer||Roland Shoemaker <email@example.com>||Wed Dec 16 22:30:49 2020 +0000|
ssh: disallow gssapi-with-mic if GSSAPIWithMICConfig is not set The ability to trigger the 'gssapi-with-mic' authentication method is not properly gated by the presence of the GSSAPIWithMICConfig field of the ServerConfig type. If this field is not set and a client sends a 'gssapi-with-mic' request, regardless of if the server advertises it, the server will panic. This issue was discovered and reported by Joern Schneewesiz, GitLab Security Research Team. Fixes CVE-2020-29652 Change-Id: Ie25de2766e442c8ab46680aae3ac89b0823cdeed Reviewed-on: https://go-review.googlesource.com/c/crypto/+/278852 Trust: Roland Shoemaker <firstname.lastname@example.org> Run-TryBot: Roland Shoemaker <email@example.com> Reviewed-by: Filippo Valsorda <firstname.lastname@example.org> TryBot-Result: Go Bot <email@example.com>
This repository holds supplementary Go cryptography libraries.
The easiest way to install is to run
go get -u golang.org/x/crypto/.... You can also manually git clone the repository to
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.
The main issue tracker for the crypto repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/crypto:” in the subject line, so it is easy to find.
Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.