beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
moby/vendor/golang.org/x
History
Sebastiaan van Stijn 87a1517f8f
vendor: golang.org/x/net v0.7.0 
This addresses the same CVE as is patched in go1.19.6. From that announcement:

> net/http: avoid quadratic complexity in HPACK decoding
>
> A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
> in the HPACK decoder, sufficient to cause a denial of service from a small
> number of small requests.
>
> This issue is also fixed in golang.org/x/net/http2 v0.7.0, for users manually
> configuring HTTP/2.
>
> This is CVE-2022-41723 and Go issue https://go.dev/issue/57855.

full diff: https://github.com/golang/net/compare/v0.5.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a36286cf89)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-22 13:33:56 +01:00
..
crypto vendor: golang.org/x/crypto v0.2.0 2022-12-09 00:00:58 +01:00
net vendor: golang.org/x/net v0.7.0 2023-02-22 13:33:56 +01:00
oauth2 vendor: golang.org/x/oauth2 v0.1.0 2022-11-15 17:06:19 +01:00
sync vendor: golang.org/x/sync v0.1.0 2022-11-15 14:56:04 +01:00
sys vendor: golang.org/x/sys v0.5.0 2023-02-22 13:33:32 +01:00
text daemon/config: support alternate (common) unicode encodings using a BOM 2023-01-17 13:45:47 +01:00
time vendor: golang.org/x/time v0.1.0 2022-11-15 14:56:12 +01:00