Message ID | 20221208223153.4189684-1-christian@paral.in |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/moby-buildkit: security bump to version 0.10.6 | expand |
On Thu, 8 Dec 2022 14:31:53 -0800 Christian Stewart via buildroot <buildroot@buildroot.org> wrote: > CVE-2022-39253: git vulnerability mitigation. > > ... and other bugfixes. > > https://github.com/moby/buildkit/releases/tag/v0.10.6 > > Signed-off-by: Christian Stewart <christian@paral.in> > --- > package/moby-buildkit/moby-buildkit.hash | 2 +- > package/moby-buildkit/moby-buildkit.mk | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) Applied to master, thanks. Thomas
>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes: > On Thu, 8 Dec 2022 14:31:53 -0800 > Christian Stewart via buildroot <buildroot@buildroot.org> wrote: >> CVE-2022-39253: git vulnerability mitigation. >> >> ... and other bugfixes. >> >> https://github.com/moby/buildkit/releases/tag/v0.10.6 >> >> Signed-off-by: Christian Stewart <christian@paral.in> >> --- >> package/moby-buildkit/moby-buildkit.hash | 2 +- >> package/moby-buildkit/moby-buildkit.mk | 2 +- >> 2 files changed, 2 insertions(+), 2 deletions(-) > Applied to master, thanks. Committed to 2022.11.x, thanks. I did not bump the version in 2022.02.x as the version delta is quite big and we already have an updated git not vulnerable to CVE-2022-39253.
diff --git a/package/moby-buildkit/moby-buildkit.hash b/package/moby-buildkit/moby-buildkit.hash index cfd1c0c946..43ee1b12c9 100644 --- a/package/moby-buildkit/moby-buildkit.hash +++ b/package/moby-buildkit/moby-buildkit.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 5877faf02cbddfb6c988f44b5b373739fed87f4aeb8802c6777fe7be2f772506 moby-buildkit-0.10.0.tar.gz +sha256 5ffe5a2d11736719649dae962461f66df394ae4cc1e58294e5f2bd4d4632d9d0 moby-buildkit-0.10.6.tar.gz sha256 c71d239df91726fc519c6eb72d318ec65820627232b2f796219e87dcf35d0ab4 LICENSE diff --git a/package/moby-buildkit/moby-buildkit.mk b/package/moby-buildkit/moby-buildkit.mk index 667383bf50..59d68a7dca 100644 --- a/package/moby-buildkit/moby-buildkit.mk +++ b/package/moby-buildkit/moby-buildkit.mk @@ -4,7 +4,7 @@ # ################################################################################ -MOBY_BUILDKIT_VERSION = 0.10.0 +MOBY_BUILDKIT_VERSION = 0.10.6 MOBY_BUILDKIT_SITE = $(call github,moby,buildkit,v$(MOBY_BUILDKIT_VERSION)) MOBY_BUILDKIT_LICENSE = Apache-2.0 MOBY_BUILDKIT_LICENSE_FILES = LICENSE
CVE-2022-39253: git vulnerability mitigation. ... and other bugfixes. https://github.com/moby/buildkit/releases/tag/v0.10.6 Signed-off-by: Christian Stewart <christian@paral.in> --- package/moby-buildkit/moby-buildkit.hash | 2 +- package/moby-buildkit/moby-buildkit.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)