Your message dated Mon, 29 May 2017 14:56:15 -0500
with message-id <>
and subject line 
has caused the Debian Bug report #859655,
regarding golang-go.crypto: CVE-2017-3204
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact

Debian Bug Tracking System
Contact with problems
--- Begin Message ---
Source: golang-go.crypto
Version: 1:0.0~git20161012.0.5f31782-1
Severity: grave
Tags: upstream patch security


the following vulnerability was published for golang-go.crypto.

| The Go SSH library (x/crypto/ssh) by default does not verify host
| keys, facilitating man-in-the-middle attacks. Default behavior changed
| in commit e4e2799 to require explicitly registering a hostkey
| verification mechanism.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed.


--- End Message ---
--- Begin Message ---
Unless I missed something, this has been resolved. Closing.

Michael Lustfield

--- End Message ---
Pkg-go-maintainers mailing list

Reply via email to