[Buildroot] [git commit branch/2023.02.x] package/docker-engine: security bump version to v23.0.2
Peter Korsgaard
peter at korsgaard.com
Mon Apr 10 19:32:55 UTC 2023
commit: https://git.buildroot.net/buildroot/commit/?id=75a10d935f81dee4b7b3ec26718b1252014d2b3b
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.02.x
Fixes the following security issue:
- CVE-2023-26054: (Buildkit): Credentials inlined to Git URLs could end up
in provenance attestation
https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc
In addition, a number of issues have been fixed. For the full list, see:
https://github.com/moby/moby/releases/tag/v23.0.2
Signed-off-by: Stefan Agner <stefan at agner.ch>
[Peter: Mark as security bump]
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit cebd1389f4f22956516952eafb1183d1326907d3)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/docker-engine/docker-engine.hash | 2 +-
package/docker-engine/docker-engine.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash
index 99ab5e4003..4b7c026eef 100644
--- a/package/docker-engine/docker-engine.hash
+++ b/package/docker-engine/docker-engine.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 c8e6c0ac5f0c772023e3430f80190e0f86644b6d94cac63118b03561385f7b56 docker-engine-23.0.1.tar.gz
+sha256 4caca59c774445a5aad6114d89c97c88d9705f048704fecdd3f5712cb369dc39 docker-engine-23.0.2.tar.gz
sha256 7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8 LICENSE
diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk
index c61aa491c2..a27625a38e 100644
--- a/package/docker-engine/docker-engine.mk
+++ b/package/docker-engine/docker-engine.mk
@@ -4,7 +4,7 @@
#
################################################################################
-DOCKER_ENGINE_VERSION = 23.0.1
+DOCKER_ENGINE_VERSION = 23.0.2
DOCKER_ENGINE_SITE = $(call github,moby,moby,v$(DOCKER_ENGINE_VERSION))
DOCKER_ENGINE_LICENSE = Apache-2.0
More information about the buildroot
mailing list