Changelog
golang-go.crypto (1:0.0~git20200221.2aa609c-1) unstable; urgency=high
* New upstream version 0.0~git20200221.2aa609c
- ssh: return an error for malformed ed25519 public keys
rather than panic (v0.0.0-20200220183623-bac4c82f6975).
Fixes CVE-2020-9283 (Closes: #952462)
* Previously uploaded upstream version 0.0~git20190701.4def268 contains:
- salsa20/salsa: fix keystream loop in amd64 assembly when overflowing
32-bit counter (commit b7391e9, 2019-03-20). Fixes CVE-2019-11840
- openpgp/clearsign: reject potentially misleading headers and messages
(commit c05e17b, 2019-04-24). Fixes CVE-2019-11841
* debian/gbp.conf: Set debian-branch to debian/sid for DEP-14 conformance
* Bump Standards-Version to 4.5.0 (no change)
* debian/copyright: Add Upstream-Contact
* Remove d/patches/0001-ssh-test-delete-TestInvalidTerminalMode.patch
which has been applied upstream as commit 9756ffd
* Build-Depends on dh-golang (>= 1.48~) to prevent
"no non-test Go files" error in internal/wycheproof during build
* Add d/patches/0001-skip-wycheproof_test.patch to skip test
that access the Internet with "go mod download -json"
* Override dh_auto_install with --no-binaries
to prevent /usr/bin/acmeprobe from being built
-- Anthony Fok <email address hidden> Wed, 26 Feb 2020 13:36:38 -0700
