[SECURITY] [DLA 2455-1] packer security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2455-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Brian May
November 19, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : packer
Version : 0.10.2+dfsg-6+deb9u1
CVE ID : CVE-2020-9283
golang-go.crypto was recently updated with a fix for CVE-2020-9283. This in
turn requires all packages that use the affected code to be recompiled in order
to pick up the security fix.
CVE-2020-9283
SSH signature verification could cause Panic when given
invalid Public key.
For Debian 9 stretch, this problem has been fixed in version
0.10.2+dfsg-6+deb9u1.
We recommend that you upgrade your packer packages.
For the detailed security status of packer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/packer
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAl+1i6kACgkQKpJZkldk
Svoj+Q/+MCj8B1I+bFcG+bv05XwnCk5sgQgdD5fNdWpJ3W8hVc/l2IYdEk0SiyDE
SMJfBy5Q3Ttq0i0oo0zs5BrHY3+3fsuBZSKzSHxfL0AURheIk6xuKQ33mG5x5elO
eABqUE6sXasaqTy1QR/MT9JAiRpkMPHyQCuWyP95fJQJwdf77fhS6RpeyqsVeVI6
MsS6Fn8VYe0e0GiB3udXRwiMFxfMLXbBFL1XVYK1L60TqhgljoCgXhbgnlPacFXm
5eheDHJfBx0sqtOyej2n+JqLIZJYfVkxFezt04hyG4L5861BfeEby/Q1avEI7Gjp
ZeUxQKUgODnpmZhc4pK2xxGBdT35PSF7YDLqkWXyLynOW4v83u7WjRbxSXcF+8EE
bl5zfP75Z02cX1xOAZo1KnByLkBcBoIUeBd0KNjRMFcmRA4EgSrshKlA084Oa3ui
qoUOuoo/Bxl2ZCjaLAo2aZB8zGGIiJPRNV0L1CXjAA2QrTY/IszglNQpn5J7h2Ga
9zRRh4z29tHj7aT/DYKgVpxtsdSHEkpYEZriQb89AQs57ga4Y36zL9hlG0YmwYPp
0tMY/1993hpC65dPRHRKndKq9p9b+xsuNVGVKLpr2vCoZUQtJh+OEP+8HT1GqEY5
Nv9SZ3Q5e/SbhYLHKCXT2XDklszgEjrJfe1UIV7hKP5mZjDenC0=
=+L0M
-----END PGP SIGNATURE-----
Reply to: