Closed mtrmac closed 10 months ago
https://github.com/go-jose/go-jose/releases/tag/v3.0.1 reports a DoS in code that is called by ocicrypt.
Typically I wouldn’t expect users to want to DoS themselves, but updating would at least silence neurotic vulnerability scanners.
(c/image will update either way, in https://github.com/containers/image/pull/2188 .)
Thanks.
stefanberger
commented
10 months ago stefanberger
commented
10 months ago
https://github.com/go-jose/go-jose/releases/tag/v3.0.1 reports a DoS in code that is called by ocicrypt.
Typically I wouldn’t expect users to want to DoS themselves, but updating would at least silence neurotic vulnerability scanners.
(c/image will update either way, in https://github.com/containers/image/pull/2188 .)