)]}'
{
  "commit": "9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
  "tree": "c9b72524f94ca6c058ed9f39c72188f02ff08804",
  "parents": [
    "4e5a26183ecb4f9a0f85c8f8dbe7982885435436"
  ],
  "author": {
    "name": "Roland Shoemaker",
    "email": "bracewell@google.com",
    "time": "Mon Nov 20 12:06:18 2023 -0800"
  },
  "committer": {
    "name": "Roland Shoemaker",
    "email": "roland@golang.org",
    "time": "Mon Dec 18 16:33:08 2023 +0000"
  },
  "message": "ssh: implement strict KEX protocol changes\n\nImplement the \"strict KEX\" protocol changes, as described in section\n1.9 of the OpenSSH PROTOCOL file (as of OpenSSH version 9.6/9.6p1).\n\nNamely this makes the following changes:\n  * Both the server and the client add an additional algorithm to the\n    initial KEXINIT message, indicating support for the strict KEX mode.\n  * When one side of the connection sees the strict KEX extension\n    algorithm, the strict KEX mode is enabled for messages originating\n    from the other side of the connection. If the sequence number for\n    the side which requested the extension is not 1 (indicating that it\n    has already received non-KEXINIT packets), the connection is\n    terminated.\n  * When strict kex mode is enabled, unexpected messages during the\n    handshake are considered fatal. Additionally when a key change\n    occurs (on the receipt of the NEWKEYS message) the message sequence\n    numbers are reset.\n\nThanks to Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk from Ruhr\nUniversity Bochum for reporting this issue.\n\nFixes CVE-2023-48795\nFixes golang/go#64784\n\nChange-Id: I96b53afd2bd2fb94d2b6f2a46a5dacf325357604\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/550715\nReviewed-by: Nicola Murino \u003cnicola.murino@gmail.com\u003e\nReviewed-by: Tatiana Bradley \u003ctatianabradley@google.com\u003e\nTryBot-Result: Gopher Robot \u003cgobot@golang.org\u003e\nRun-TryBot: Roland Shoemaker \u003croland@golang.org\u003e\nReviewed-by: Damien Neil \u003cdneil@google.com\u003e\nLUCI-TryBot-Result: Go LUCI \u003cgolang-scoped@luci-project-accounts.iam.gserviceaccount.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "49bbba769291abdebd41b0f26f3209b9fb329dfc",
      "old_mode": 33188,
      "old_path": "ssh/handshake.go",
      "new_id": "56cdc7c21c3b2a0e91616f7cd9c29eff5c7fdcfb",
      "new_mode": 33188,
      "new_path": "ssh/handshake.go"
    },
    {
      "type": "modify",
      "old_id": "65afc2059ecdd554b22ef5ce1ab08408454dd5e0",
      "old_mode": 33188,
      "old_path": "ssh/handshake_test.go",
      "new_id": "2bc607b64938d2d9b1a1c426e55d53ca777b67a4",
      "new_mode": 33188,
      "new_path": "ssh/handshake_test.go"
    },
    {
      "type": "modify",
      "old_id": "da015801ea5bf2854e904bf66b9330c864e6c617",
      "old_mode": 33188,
      "old_path": "ssh/transport.go",
      "new_id": "0424d2d37c0bb1ff49986a4872dac8fc26c71745",
      "new_mode": 33188,
      "new_path": "ssh/transport.go"
    }
  ]
}