THIS SOFTWARE, // EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // // See FIPS 197 for specification, and see Daemen and Rijmen's Rijndael submission // for implementation details. // https://csrc.nist.gov/csrc/media/publications/fips/197/final/documents/fips-197.pdf // https://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf package aes import "crypto/internal/fips140deps/byteorder" // Encrypt one block from src into dst, using the expanded key xk. func encryptBlockGeneric(c *blockExpanded,...

THIS SOFTWARE, // EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // // See FIPS 197 for specification, and see Daemen and Rijmen's Rijndael submission // for implementation details. // https://csrc.nist.gov/csrc/media/publications/fips/197/final/documents/fips-197.pdf // https://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf package aes import "crypto/internal/fips140deps/byteorder" // Encrypt one block from src into dst, using the expanded key xk. func encryptBlockGeneric(c *blockExpanded,...

  CVE-2021-29923 golang standard library "net" - Improper Input Validation of octal literals in golang 1.16.2 and below standard library "net" results in indeterminate SSRF & RFI vulnerabilities.
  Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-29923 ([#104368](https://github.com/kubernetes/kubernetes/pull/104368), [@aojea](https://github.com/aojea))

## Security

* TF is currently using giflib 5.2.1 which has [CVE-2022-28506](https://nvd.nist.gov/vuln/detail/CVE-2022-28506). TF is not affected by the CVE as it does not use `DumpScreen2RGB` at all.