update to go1.19.7

Includes a security fix for crypto/elliptic (CVE-2023-24532). > go1.19.7 (released 2023-03-07) includes a security fix to the crypto/elliptic > package, as well as bug fixes to the linker, the runtime, and the crypto/x509 > and syscall packages. See the Go 1.19.7 milestone on our issue tracker for > details. https://go.dev/doc/devel/release#go1.19.minor From the announcement: > We have just released Go versions 1.20.2 and 1.19.7, minor point releases. > > These minor releases include 1 security fixes following the security policy: > > - crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results > > The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an > incorrect result if called with some specific unreduced scalars (a scalar larger > than the order of the curve). > > This does not impact usages of crypto/ecdsa or crypto/ecdh. > > This is CVE-2023-24532 and Go issue https://go.dev/issue/58647. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-10 10:22:54 +01:00 · 2023-03-10 10:22:54 +01:00 · 23da1cec6c
parent 677aac9011
commit 23da1cec6c
4 changed files with 4 additions and 4 deletions
--- a/2
+++ b/2
@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1

 ARG BASE_VARIANT=alpine
-ARG GO_VERSION=1.19.6
+ARG GO_VERSION=1.19.7
 ARG ALPINE_VERSION=3.16
 ARG XX_VERSION=1.1.1
 ARG GOVERSIONINFO_VERSION=v1.3.0
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -1,5 +1,5 @@
 variable "GO_VERSION" {
-    default = "1.19.6"
+    default = "1.19.7"
 }
 variable "VERSION" {
    default = ""
--- a/dockerfiles/Dockerfile.dev
+++ b/dockerfiles/Dockerfile.dev
@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1

-ARG GO_VERSION=1.19.6
+ARG GO_VERSION=1.19.7
 ARG ALPINE_VERSION=3.16

 ARG BUILDX_VERSION=0.10.3
--- a/dockerfiles/Dockerfile.lint
+++ b/dockerfiles/Dockerfile.lint
@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1

-ARG GO_VERSION=1.19.6
+ARG GO_VERSION=1.19.7
 ARG ALPINE_VERSION=3.16
 ARG GOLANGCI_LINT_VERSION=v1.49.0