mirror of https://github.com/containers/skopeo.git synced 2025-05-13 10:24:54 +00:00

Miloslav Trmač 518181e595 Update c/image and c/common to latest

... to include https://github.com/containers/image/pull/2173
and https://github.com/containers/common/pull/1731 .

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

2023-11-16 18:21:43 +01:00

443 B

Raw Blame History

v3.0.1

Fixed:

Security issue: an attacker specifying a large "p2c" value can cause JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large amounts of CPU, causing a DoS. Thanks to Matt Schwager (@mschwager) for the disclosure and to Tom Tervoort for originally publishing the category of attack. https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf

443 B Raw Blame History

v3.0.1

443 B

Raw Blame History