[Buildroot] [git commit branch/2019.02.x] package/docker-cli: security bump to 19.03.5
Peter Korsgaard
peter at korsgaard.com
Fri Jan 10 19:02:58 UTC 2020
commit: https://git.buildroot.net/buildroot/commit/?id=54c2c86d2edc2885f93c78af2b7f2adea5f485c1
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2019.02.x
Fixes the following security vulnerabilities:
- CVE-2019-14271: In Docker 19.03.x before 19.03.1 linked against the GNU C
Library (aka glibc), code injection can occur when the nsswitch facility
dynamically loads a library inside a chroot that contains the contents of
the container
Signed-off-by: Christian Stewart <christian at paral.in>
[Peter: mention security impact]
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit 39cffd535633984c851b71195767951e9db56dc2)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/docker-cli/docker-cli.hash | 2 +-
package/docker-cli/docker-cli.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/docker-cli/docker-cli.hash b/package/docker-cli/docker-cli.hash
index 061e611735..44f13c8bfc 100644
--- a/package/docker-cli/docker-cli.hash
+++ b/package/docker-cli/docker-cli.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 cef3f9e8615cde906619f7ab021655a8b974d1b497ce0e5787b1afccbeabb08d docker-cli-18.09.9.tar.gz
+sha256 00d06baf4793794c0fd9ecad5b7e95aed6eb942f24c8b6e2d7c7f7564b9743ad docker-cli-19.03.5.tar.gz
sha256 2d81ea060825006fc8f3fe28aa5dc0ffeb80faf325b612c955229157b8c10dc0 LICENSE
diff --git a/package/docker-cli/docker-cli.mk b/package/docker-cli/docker-cli.mk
index 201d782e1d..4ad30e0278 100644
--- a/package/docker-cli/docker-cli.mk
+++ b/package/docker-cli/docker-cli.mk
@@ -4,7 +4,7 @@
#
################################################################################
-DOCKER_CLI_VERSION = 18.09.9
+DOCKER_CLI_VERSION = 19.03.5
DOCKER_CLI_SITE = $(call github,docker,cli,v$(DOCKER_CLI_VERSION))
DOCKER_CLI_WORKSPACE = gopath
More information about the buildroot
mailing list