| What | Removed | Added |
|---|---|---|
| Resolution | --- | INVALID |
| Status | NEW | RESOLVED |
| Flags | needinfo?(andrea.mattiazzo@suse.com) |
golang.org/x/crypto/ssh is present inside the vendor tar of openSUSE:Backports:SLE-15-SP6 which is at version 1.5, in Factory I don't found it, probably the dependency was dropped with the upgrade to version 2. Anyway I also don't see any call to the vulnerable function from the application, so we can close it as INVALID.