[Buildroot] [git commit branch/2023.02.x] package/docker-engine: security bump version to v23.0.2

Peter Korsgaard peter at korsgaard.com
Mon Apr 10 19:32:55 UTC 2023 

commit: https://git.buildroot.net/buildroot/commit/?id=75a10d935f81dee4b7b3ec26718b1252014d2b3b
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2023.02.x

Fixes the following security issue:

- CVE-2023-26054: (Buildkit): Credentials inlined to Git URLs could end up
  in provenance attestation
  https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc

In addition, a number of issues have been fixed. For the full list, see:
https://github.com/moby/moby/releases/tag/v23.0.2

Signed-off-by: Stefan Agner <stefan at agner.ch>
[Peter: Mark as security bump]
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit cebd1389f4f22956516952eafb1183d1326907d3)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/docker-engine/docker-engine.hash | 2 +-
 package/docker-engine/docker-engine.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash
index 99ab5e4003..4b7c026eef 100644
--- a/package/docker-engine/docker-engine.hash
+++ b/package/docker-engine/docker-engine.hash
@@ -1,3 +1,3 @@
 # Locally calculated
-sha256  c8e6c0ac5f0c772023e3430f80190e0f86644b6d94cac63118b03561385f7b56  docker-engine-23.0.1.tar.gz
+sha256  4caca59c774445a5aad6114d89c97c88d9705f048704fecdd3f5712cb369dc39  docker-engine-23.0.2.tar.gz
 sha256  7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8  LICENSE
diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk
index c61aa491c2..a27625a38e 100644
--- a/package/docker-engine/docker-engine.mk
+++ b/package/docker-engine/docker-engine.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_ENGINE_VERSION = 23.0.1
+DOCKER_ENGINE_VERSION = 23.0.2
 DOCKER_ENGINE_SITE = $(call github,moby,moby,v$(DOCKER_ENGINE_VERSION))
 
 DOCKER_ENGINE_LICENSE = Apache-2.0

More information about the buildroot mailing list