Message ID | 20211015125944.10587-1-peter@korsgaard.com |
---|---|
State | Accepted |
Headers | show |
Series | [1/2] package/docker-cli: security bump to version 20.10.9 | expand |
Reviewed-by: Christian Stewart <christian@paral.in> On Fri, Oct 15, 2021 at 5:59 AM Peter Korsgaard <peter@korsgaard.com> wrote: > > Fixes the following security issue: > > - CVE-2021-41092: Ensure default auth config has address field set, to > prevent credentials being sent to the default registry. > > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Thanks, Christian > +++ b/package/docker-cli/docker-cli.hash > @@ -1,3 +1,3 @@ > # Locally calculated > -sha256 cde34bbefd70fa27b44dfa904c40db84b89abf237e5267dcd08603b459a89253 docker-cli-20.10.8.tar.gz > +sha256 d91010813824070dd2380013c8f343e61e6dda170f7853f024bda39b432b64ba docker-cli-20.10.9.tar.gz
On Fri, 15 Oct 2021 14:59:42 +0200 Peter Korsgaard <peter@korsgaard.com> wrote: > Fixes the following security issue: > > - CVE-2021-41092: Ensure default auth config has address field set, to > prevent credentials being sent to the default registry. > > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> > --- > package/docker-cli/docker-cli.hash | 2 +- > package/docker-cli/docker-cli.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) Both applied, thanks! Thomas
>>>>> "Christian" == Christian Stewart <christian@paral.in> writes: > Reviewed-by: Christian Stewart <christian@paral.in> > On Fri, Oct 15, 2021 at 5:59 AM Peter Korsgaard <peter@korsgaard.com> wrote: >> >> Fixes the following security issue: >> >> - CVE-2021-41092: Ensure default auth config has address field set, to >> prevent credentials being sent to the default registry. >> >> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed to 2021.02.x and 2021.08.x, thanks.
diff --git a/package/docker-cli/docker-cli.hash b/package/docker-cli/docker-cli.hash index 9021362c98..6eb9413a11 100644 --- a/package/docker-cli/docker-cli.hash +++ b/package/docker-cli/docker-cli.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 cde34bbefd70fa27b44dfa904c40db84b89abf237e5267dcd08603b459a89253 docker-cli-20.10.8.tar.gz +sha256 d91010813824070dd2380013c8f343e61e6dda170f7853f024bda39b432b64ba docker-cli-20.10.9.tar.gz sha256 2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0 LICENSE diff --git a/package/docker-cli/docker-cli.mk b/package/docker-cli/docker-cli.mk index 10776a4e1e..3a344bca36 100644 --- a/package/docker-cli/docker-cli.mk +++ b/package/docker-cli/docker-cli.mk @@ -4,7 +4,7 @@ # ################################################################################ -DOCKER_CLI_VERSION = 20.10.8 +DOCKER_CLI_VERSION = 20.10.9 DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION)) DOCKER_CLI_LICENSE = Apache-2.0
Fixes the following security issue: - CVE-2021-41092: Ensure default auth config has address field set, to prevent credentials being sent to the default registry. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- package/docker-cli/docker-cli.hash | 2 +- package/docker-cli/docker-cli.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)