openSUSE:Leap:15.5:Update
File _patchinfo of Package patchinfo.32492
<patchinfo incident="32492">
  <issue tracker="jsc" id="SLE-23476"/>
  <issue tracker="cve" id="2023-48795"/>
  <issue tracker="bnc" id="1218207">VUL-0: CVE-2023-48795: cosign: golang.org/x/crypto/ssh: prefix truncation breaking ssh channel integrity</issue>
  <packager>msmeissn</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for rekor</summary>
  <description>This update for rekor fixes the following issues:

update to 1.3.5 (jsc#SLE-23476):

- Additional unique index correction
- Remove timestamp from checkpoint
- Drop conditional when verifying entry checkpoint
- Fix panic for DSSE canonicalization
- Change Redis value for locking mechanism
- give log timestamps nanosecond precision
- output trace in slog and override correlation header name
- bumped embedded golang.org/x/crypto/ssh to fix the Terrapin attack CVE-2023-48795 (bsc#1218207)

Updated to 1.3.4:

* add mysql indexstorage backend
* add s3 storage for attestations
* fix: Do not check for pubsub.topics.get on initialization
* fix optional field in cose schema
* Update ranges.go
* update indexstorage interface to reduce roundtrips
* use a single validator library in rekor-cli
* Remove go-playground/validator dependency from pkg/pki

Updated to rekor 1.3.3 (jsc#SLE-23476):

- Update signer flag description
- update trillian to 1.5.3
- adds redis_auth
- Add method to get artifact hash for an entry
- make e2e tests more usable with docker-compose
- install go at correct version for codeql

Updated to rekor 1.3.2 (jsc#SLE-23476):

Updated to rekor 1.3.1 (jsc#SLE-23476):

New Features:

- enable GCP cloud profiling on rekor-server (#1746)
- move index storage into interface (#1741)
- add info to readme to denote additional documentation sources (#1722)
- Add type of ed25519 key for TUF (#1677)
- Allow parsing base64-encoded TUF metadata and root content (#1671)

Quality Enhancements:

- disable quota in trillian in test harness (#1680)

Bug Fixes:

- Update contact for code of conduct (#1720)
- Fix panic when parsing SSH SK pubkeys (#1712)
- Correct index creation (#1708)
- docs: fixzes a small typo on the readme (#1686)
- chore: fix backfill-redis Makefile target (#1685)

Updated to rekor 1.3.0 (jsc#SLE-23476):

- Update openapi.yaml (#1655)
- pass transient errors through retrieveLogEntry (#1653)
- return full entryID on HTTP 409 responses (#1650)
- feat: Support publishing new log entries to Pub/Sub topics (#1580)
- Change values of Identity.Raw, add fingerprints (#1628)
- Extract all subjects from SANs for x509 verifier (#1632)
- Fix type comment for Identity struct (#1619)
- Refactor Identities API (#1611)
- Refactor Verifiers to return multiple keys (#1601)
- Update checkpoint link (#1597)
- Use correct log index in inclusion proof (#1599)
- remove instrumentation library (#1595)

Updated to rekor 1.2.2 (jsc#SLE-23476):

- pass down error with message instead of nil
- swap killswitch for 'docker-compose restart'
- CVE-2023-48795: Fixed Terrapin attack in embedded golang.org/x/crypto/ssh (bsc#1218207).
</description>
</patchinfo>