Tab complete user names. #9
Comments
|
Sorry missed to read the TODO, seems like PR #5 is doing that, thanks! |
bsiegert
added a commit
to bsiegert/ssh-chat
that referenced
this issue
Dec 22, 2023
This fixes the following vulnerabilities, as reported by govulncheck: Vulnerability shazow#1: GO-2023-2402 Man-in-the-middle attacker can compromise integrity of secure channel in golang.org/x/crypto More info: https://pkg.go.dev/vuln/GO-2023-2402 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877 Fixed in: golang.org/x/crypto@v0.17.0 Example traces found: shazow#1: work/ssh-chat-1.10/sshd/client.go:42:33: sshd.ConnectShell calls ssh.Client.NewSession shazow#2: work/ssh-chat-1.10/sshd/client.go:36:23: sshd.ConnectShell calls ssh.Dial shazow#3: work/ssh-chat-1.10/sshd/net.go:49:2: sshd.SSHListener.handleConn calls ssh.DiscardRequests shazow#4: work/ssh-chat-1.10/sshd/net.go:43:55: sshd.SSHListener.handleConn calls ssh.NewServerConn shazow#5: work/ssh-chat-1.10/sshd/terminal.go:222:13: sshd.Terminal.listen calls ssh.Request.Reply shazow#6: work/ssh-chat-1.10/sshd/client.go:46:2: sshd.ConnectShell calls ssh.Session.Close shazow#7: work/ssh-chat-1.10/sshd/client.go:70:30: sshd.ConnectShell calls ssh.Session.SendRequest shazow#8: work/ssh-chat-1.10/sshd/client.go:65:21: sshd.ConnectShell calls ssh.Session.Shell shazow#9: work/ssh-chat-1.10/cmd/ssh-chat/cmd.go:243:14: ssh.main calls fmt.Fprintln, which eventually calls ssh.channel.Read shazow#10: work/ssh-chat-1.10/sshd/terminal/terminal.go:954:17: terminal.Terminal.SetBracketedPasteMode calls io.WriteString, which calls ssh.channel.Write shazow#11: work/ssh-chat-1.10/cmd/ssh-chat/cmd.go:243:14: ssh.main calls fmt.Fprintln, which eventually calls ssh.extChannel.Read Vulnerability shazow#4: GO-2022-0968 Panic on malformed packets in golang.org/x/crypto/ssh More info: https://pkg.go.dev/vuln/GO-2022-0968 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877 Fixed in: golang.org/x/crypto@v0.0.0-20211202192323-5770296d904e Example traces found: shazow#1: work/ssh-chat-1.10/sshd/client.go:36:23: sshd.ConnectShell calls ssh.Dial shazow#2: work/ssh-chat-1.10/sshd/net.go:43:55: sshd.SSHListener.handleConn calls ssh.NewServerConn Vulnerability shazow#5: GO-2021-0356 Denial of service via crafted Signer in golang.org/x/crypto/ssh More info: https://pkg.go.dev/vuln/GO-2021-0356 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877 Fixed in: golang.org/x/crypto@v0.0.0-20220314234659-1baeb1ce4c0b Example traces found: shazow#1: work/ssh-chat-1.10/cmd/ssh-chat/cmd.go:122:19: ssh.main calls ssh.ServerConfig.AddHostKey Vulnerability shazow#6: GO-2021-0227 Panic on crafted authentication request message in golang.org/x/crypto/ssh More info: https://pkg.go.dev/vuln/GO-2021-0227 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877 Fixed in: golang.org/x/crypto@v0.0.0-20201216223049-8b5274cf687f Example traces found: shazow#1: work/ssh-chat-1.10/sshd/net.go:43:55: sshd.SSHListener.handleConn calls ssh.NewServerConn
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Just like any other IRC client.
The text was updated successfully, but these errors were encountered: