From cebd1389f4f22956516952eafb1183d1326907d3 Mon Sep 17 00:00:00 2001 From: Stefan Agner Date: Wed, 29 Mar 2023 15:06:21 +0200 Subject: [PATCH] package/docker-engine: security bump version to v23.0.2 Fixes the following security issue: - CVE-2023-26054: (Buildkit): Credentials inlined to Git URLs could end up in provenance attestation https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc In addition, a number of issues have been fixed. For the full list, see: https://github.com/moby/moby/releases/tag/v23.0.2 Signed-off-by: Stefan Agner [Peter: Mark as security bump] Signed-off-by: Peter Korsgaard --- package/docker-engine/docker-engine.hash | 2 +- package/docker-engine/docker-engine.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/docker-engine/docker-engine.hash b/package/docker-engine/docker-engine.hash index 99ab5e4003..4b7c026eef 100644 --- a/package/docker-engine/docker-engine.hash +++ b/package/docker-engine/docker-engine.hash @@ -1,3 +1,3 @@ # Locally calculated -sha256 c8e6c0ac5f0c772023e3430f80190e0f86644b6d94cac63118b03561385f7b56 docker-engine-23.0.1.tar.gz +sha256 4caca59c774445a5aad6114d89c97c88d9705f048704fecdd3f5712cb369dc39 docker-engine-23.0.2.tar.gz sha256 7c87873291f289713ac5df48b1f2010eb6963752bbd6b530416ab99fc37914a8 LICENSE diff --git a/package/docker-engine/docker-engine.mk b/package/docker-engine/docker-engine.mk index c61aa491c2..a27625a38e 100644 --- a/package/docker-engine/docker-engine.mk +++ b/package/docker-engine/docker-engine.mk @@ -4,7 +4,7 @@ # ################################################################################ -DOCKER_ENGINE_VERSION = 23.0.1 +DOCKER_ENGINE_VERSION = 23.0.2 DOCKER_ENGINE_SITE = $(call github,moby,moby,v$(DOCKER_ENGINE_VERSION)) DOCKER_ENGINE_LICENSE = Apache-2.0