Google Git
Sign in
chromium / external / github.com / docker / cli / 6a0099bc8a8fcfd80a40dd2cbbfb6caff23abbce
commit6a0099bc8a8fcfd80a40dd2cbbfb6caff23abbce[log] [tgz]
authorSebastiaan van Stijn <github@gone.nl>Thu Nov 27 13:38:30 2025
committerSebastiaan van Stijn <github@gone.nl>Thu Nov 27 13:38:30 2025
tree4dd15d5bd7513c2f1d4a73fc1b3e052e2e27e57a
parentc90166ffa6d9de1a1d2f46a1566d012cebe8959e [diff]
cmd/docker-trust: bump golang.org/x/crypto v0.45.0

Hello gophers,

We have tagged version v0.45.0 of golang.org/x/crypto in order to address two
security issues.

This version fixes a vulnerability in the golang.org/x/crypto/ssh package and a
vulnerability in the golang.org/x/crypto/ssh/agent package which could cause
programs to consume unbounded memory or panic respectively.

SSH servers parsing GSSAPI authentication requests don't validate the number of
mechanisms specified in the request, allowing an attacker to cause unbounded
memory consumption.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-58181 and Go issue https://go.dev/issue/76363.

SSH Agent servers do not validate the size of messages when processing new
identity requests, which may cause the program to panic if the message is
malformed due to an out of bounds read.

Thanks to Jakub Ciolek for reporting this issue.

This is CVE-2025-47914 and Go issue https://go.dev/issue/76364.

Cheers, Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2 files changed
tree: 4dd15d5bd7513c2f1d4a73fc1b3e052e2e27e57a
  1. .github/
  2. cli/
  3. cli-plugins/
  4. cmd/
  5. contrib/
  6. dockerfiles/
  7. docs/
  8. e2e/
  9. experimental/
  10. internal/
  11. man/
  12. opts/
  13. pkg/
  14. scripts/
  15. templates/
  16. vendor/
  17. .codecov.yml
  18. .dockerignore
  19. .gitattributes
  20. .gitignore
  21. .golangci.yml
  22. .mailmap
  23. AUTHORS
  24. CONTRIBUTING.md
  25. docker-bake.hcl
  26. docker.Makefile
  27. Dockerfile
  28. LICENSE
  29. MAINTAINERS
  30. Makefile
  31. NOTICE
  32. README.md
  33. SECURITY.md
  34. TESTING.md
  35. vendor.mod
  36. vendor.sum
  37. VERSION
README.md

Docker CLI

PkgGoDev Build Status Test Status Go Report Card OpenSSF Scorecard Codecov

About

This repository is the home of the Docker CLI.

Development

docker/cli is developed using Docker.

Build CLI from source:

docker buildx bake

Build binaries for all supported platforms:

docker buildx bake cross

Build for a specific platform:

docker buildx bake --set binary.platform=linux/arm64

Build dynamic binary for glibc or musl:

USE_GLIBC=1 docker buildx bake dynbinary

Run all linting:

docker buildx bake lint shellcheck

Run test:

docker buildx bake test

List all the available targets:

make help

In-container development environment

Start an interactive development environment:

make -f docker.Makefile shell

Legal

Brought to you courtesy of our legal counsel. For more context, see the NOTICE document in this repo.

Use and transfer of Docker may be subject to certain restrictions by the United States and other governments.

It is your responsibility to ensure that your use and/or transfer does not violate applicable laws.

For more information, see https://www.bis.doc.gov

Licensing

docker/cli is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.