[1/1] package/docker-compose: security bump version to 2.15.1

Message ID 20230202134149.1864294-1-christian@paral.in
State Accepted

Commit Message

Christian Stewart Feb. 2, 2023, 1:41 p.m. UTC
Fix CVE-2022-27664 and CVE-2022-32149 high-risk vulnerability.

Many other bugfixes, enhancements, and improvements.

https://github.com/docker/compose/releases/tag/v2.15.1

Signed-off-by: Christian Stewart <christian@paral.in>
---
 package/docker-compose/docker-compose.hash | 2 +-
 package/docker-compose/docker-compose.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

Peter Korsgaard Feb. 3, 2023, 7:28 a.m. UTC | #1
>>>>> "Christian" == Christian Stewart <christian@paral.in> writes:

 > Fix CVE-2022-27664 and CVE-2022-32149 high-risk vulnerability.
 > Many other bugfixes, enhancements, and improvements.

 > https://github.com/docker/compose/releases/tag/v2.15.1

 > Signed-off-by: Christian Stewart <christian@paral.in>

Committed, thanks.

Peter Korsgaard Feb. 14, 2023, 4:05 p.m. UTC | #2
>>>>> "Christian" == Christian Stewart <christian@paral.in> writes:

 > Fix CVE-2022-27664 and CVE-2022-32149 high-risk vulnerability.
 > Many other bugfixes, enhancements, and improvements.

 > https://github.com/docker/compose/releases/tag/v2.15.1

 > Signed-off-by: Christian Stewart <christian@paral.in>

Hmm, those CVEs were for issues in Go, not in docker-compose, e.g. only
a vulnerability in docker-compose's binary releases.

We do not use the binaries, so we shouldn't flag such version bumps as
security bumps.

Patch

diff --git a/package/docker-compose/docker-compose.hash b/package/docker-compose/docker-compose.hash
index 7a7ab5f110..2c924d5080 100644
--- a/package/docker-compose/docker-compose.hash
+++ b/package/docker-compose/docker-compose.hash
@@ -1,3 +1,3 @@ 
 # Locally computed
-sha256  5cbf6cd1dd8ce98c5e2d62ca7f622e96abce444979b8e8852b033213a98e2049  docker-compose-2.14.0.tar.gz
+sha256  346571ca487bf3f4b3dc9caeadc88a645354b0e098fa60f350249ec35ab3f240  docker-compose-2.15.1.tar.gz
 sha256  58d1e17ffe5109a7ae296caafcadfdbe6a7d176f0bc4ab01e12a689b0499d8bd  LICENSE
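
Review bot: The replacement sha256 line for docker-compose-2.15.1.tar.gz sits under the "# Locally computed" comment, so a reviewer has no upstream checksum to compare it against. Please confirm the value was computed on a fresh download of the v2.15.1 archive and mention that in the commit message. The LICENSE hash is unchanged, which is consistent with the license text being the same in 2.14.0 and 2.15.1.
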
diff --git a/package/docker-compose/docker-compose.mk b/package/docker-compose/docker-compose.mk
index ef9ee97196..3bced8bb7b 100644
--- a/package/docker-compose/docker-compose.mk
+++ b/package/docker-compose/docker-compose.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-DOCKER_COMPOSE_VERSION = 2.14.0
+DOCKER_COMPOSE_VERSION = 2.15.1
 DOCKER_COMPOSE_SITE = $(call github,docker,compose,v$(DOCKER_COMPOSE_VERSION))
 DOCKER_COMPOSE_LICENSE = Apache-2.0
 DOCKER_COMPOSE_LICENSE_FILES = LICENSE
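
Review bot: Nothing in this hunk ties the change to the two CVEs named in the commit message; the only edit is DOCKER_COMPOSE_VERSION going from 2.14.0 to 2.15.1, and the package is fetched as a source tarball through DOCKER_COMPOSE_SITE. The commit message should state which component carried the vulnerabilities (docker-compose's own code, a Go module it pins, or the Go toolchain used for upstream binary releases), because that decides whether "security bump" in the subject is accurate for a source build. If the fixes are not in the fetched source, drop "security" from the subject and keep it as a plain version bump.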