Package "golang-golang-x-crypto-dev"

  golang-go.crypto (1:0.0~git20200221.2aa609c-1) unstable; urgency=high

  * New upstream version 0.0~git20200221.2aa609c
    - ssh: return an error for malformed ed25519 public keys
      rather than panic (v0.0.0-20200220183623-bac4c82f6975).
      Fixes CVE-2020-9283 (Closes: #952462)
  * Previously uploaded upstream version 0.0~git20190701.4def268 contains:
    - salsa20/salsa: fix keystream loop in amd64 assembly when overflowing
      32-bit counter (commit b7391e9, 2019-03-20). Fixes CVE-2019-11840
    - openpgp/clearsign: reject potentially misleading headers and messages
      (commit c05e17b, 2019-04-24). Fixes CVE-2019-11841
  * debian/gbp.conf: Set debian-branch to debian/sid for DEP-14 conformance
  * Bump Standards-Version to 4.5.0 (no change)
  * debian/copyright: Add Upstream-Contact
  * Remove d/patches/0001-ssh-test-delete-TestInvalidTerminalMode.patch
    which has been applied upstream as commit 9756ffd
  * Build-Depends on dh-golang (>= 1.48~) to prevent
    "no non-test Go files" error in internal/wycheproof during build
  * Add d/patches/0001-skip-wycheproof_test.patch to skip test
    that access the Internet with "go mod download -json"
  * Override dh_auto_install with --no-binaries
    to prevent /usr/bin/acmeprobe from being built

 -- Anthony Fok <email address hidden> Wed, 26 Feb 2020 13:36:38 -0700