)]}'
{
  "commit": "bac4c82f69751a6dd76e702d54b3ceb88adab236",
  "tree": "d72fe5ba5bb205a707bdca2f59e35dbb8f043c48",
  "parents": [
    "1ad67e1f0ef495d4014b6ffd8f2cf80f91fffbce"
  ],
  "author": {
    "name": "Filippo Valsorda",
    "email": "filippo@golang.org",
    "time": "Tue Feb 11 18:53:37 2020 -0500"
  },
  "committer": {
    "name": "Filippo Valsorda",
    "email": "filippo@golang.org",
    "time": "Thu Feb 20 18:36:23 2020 +0000"
  },
  "message": "ssh: return an error for malformed ed25519 public keys rather than panic\n\nAn attacker can craft an ssh-ed25519 or sk-ssh-ed25519@openssh.com\npublic key, such that the library will panic when trying to verify a\nsignature with it. Clients can deliver such a public key and signature\nto any golang.org/x/crypto/ssh server with a PublicKeyCallback, and\nservers can deliver them to any golang.org/x/crypto/ssh client.\n\nThis issue was discovered and reported by Alex Gaynor, Fish in a Barrel,\nand is tracked as CVE-2020-9283.\n\nChange-Id: Ie25b78a0b0181fbbc8cc7de4f4e27d908777529c\nReviewed-on: https://go-review.googlesource.com/c/crypto/+/220357\nRun-TryBot: Filippo Valsorda \u003cfilippo@golang.org\u003e\nReviewed-by: Katie Hockman \u003ckatie@golang.org\u003e\nTryBot-Result: Gobot Gobot \u003cgobot@golang.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "d63cbf60b7e7b9cf6507fd5309ec9a8b9e535c06",
      "old_mode": 33188,
      "old_path": "ssh/keys.go",
      "new_id": "06f537c135a557528521bbcced114c9f98c6dd94",
      "new_mode": 33188,
      "new_path": "ssh/keys.go"
    }
  ]
}
