https://bugzilla.suse.com/show_bug.cgi?id=1234573 https://bugzilla.suse.com/show_bug.cgi?id=1234573#c4 Andrea Mattiazzo <andrea.mattiazzo@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|NEW |RESOLVED Flags|needinfo?(andrea.mattiazzo@ | |suse.com) | --- Comment #4 from Andrea Mattiazzo <andrea.mattiazzo@suse.com> --- golang.org/x/crypto/ssh is present inside the vendor tar of openSUSE:Backports:SLE-15-SP6 which is at version 1.5, in Factory I don't found it, probably the dependency was dropped with the upgrade to version 2. Anyway I also don't see any call to the vulnerable function from the application, so we can close it as INVALID. -- You are receiving this mail because: You are on the CC list for the bug.