Package: golang-github-tillitis-tkeyclient
Version: 1.2.0-2
X-Debbugs-CC: [email protected]
Tags: security

This is a bug to track the security vulnerability described here:

https://github.com/tillitis/tkeyclient/security/advisories/GHSA-4w7r-3222-8h6v

I have uploaded 1.3.0-1 before being asked to open a bug report about
the problem, so I can't close this bug report with the upload that fixes
it, but will mark the bug as fixed with 1.3.0-1.

This library is used by 'tkey-ssh-agent' which I will upload next.  The
new upstream version makes use of new features in tkeyclient to
implement upstream's recommended upgrade path to deal with the security
problem.

As far as I know, no CVE has been associated with this yet, but upstream
(and I) hang out in #tillitis on Matrix/OFTC and I've asked if they want
a CVE allocated, but no reply yet.

/Simon
