projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0161899)
package/docker-cli: security bump to 19.03.5
authorChristian Stewart <christian@paral.in>
Tue, 3 Dec 2019 04:50:03 +0000 (20:50 -0800)
committerPeter Korsgaard <peter@korsgaard.com>
Sun, 5 Jan 2020 21:54:38 +0000 (22:54 +0100)
Fixes the following security vulnerabilities:

- CVE-2019-14271: In Docker 19.03.x before 19.03.1 linked against the GNU C
  Library (aka glibc), code injection can occur when the nsswitch facility
  dynamically loads a library inside a chroot that contains the contents of
  the container

Signed-off-by: Christian Stewart <christian@paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/docker-cli/docker-cli.hash patch | blob | history
package/docker-cli/docker-cli.mk patch | blob | history

diff --git a/package/docker-cli/docker-cli.hash b/package/docker-cli/docker-cli.hash
index 061e61173540043ba8212ed3a06691524f1af648..44f13c8bfc0952b2ce8c642ba1040eb3723493eb 100644 (file)
--- a/package/docker-cli/docker-cli.hash
+++ b/package/docker-cli/docker-cli.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  cef3f9e8615cde906619f7ab021655a8b974d1b497ce0e5787b1afccbeabb08d  docker-cli-18.09.9.tar.gz
+sha256 00d06baf4793794c0fd9ecad5b7e95aed6eb942f24c8b6e2d7c7f7564b9743ad  docker-cli-19.03.5.tar.gz
 sha256 2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0  LICENSE
diff --git a/package/docker-cli/docker-cli.mk b/package/docker-cli/docker-cli.mk
index 201d782e1d50c82265238c081d151e9cb6b5a9da..4ad30e02789b58188746511de7a60bbb27d08dee 100644 (file)
--- a/package/docker-cli/docker-cli.mk
+++ b/package/docker-cli/docker-cli.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CLI_VERSION = 18.09.9
+DOCKER_CLI_VERSION = 19.03.5
 DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))
 DOCKER_CLI_WORKSPACE = gopath