Advisories for Golang/Github.com/Theupdateframework/Go-Tuf package

Improper Neutralization in github.com/theupdateframework/go-tuf.

go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In …