From 23da1cec6c9cf541095012122084da019fff9b92 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 10 Mar 2023 10:22:54 +0100 Subject: [PATCH] update to go1.19.7 Includes a security fix for crypto/elliptic (CVE-2023-24532). > go1.19.7 (released 2023-03-07) includes a security fix to the crypto/elliptic > package, as well as bug fixes to the linker, the runtime, and the crypto/x509 > and syscall packages. See the Go 1.19.7 milestone on our issue tracker for > details. https://go.dev/doc/devel/release#go1.19.minor From the announcement: > We have just released Go versions 1.20.2 and 1.19.7, minor point releases. > > These minor releases include 1 security fixes following the security policy: > > - crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results > > The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an > incorrect result if called with some specific unreduced scalars (a scalar larger > than the order of the curve). > > This does not impact usages of crypto/ecdsa or crypto/ecdh. > > This is CVE-2023-24532 and Go issue https://go.dev/issue/58647. Signed-off-by: Sebastiaan van Stijn --- Dockerfile | 2 +- docker-bake.hcl | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.lint | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 08504a74bf..9d3f56380e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG BASE_VARIANT=alpine -ARG GO_VERSION=1.19.6 +ARG GO_VERSION=1.19.7 ARG ALPINE_VERSION=3.16 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 diff --git a/docker-bake.hcl b/docker-bake.hcl index 40bf2215e8..a1bce32550 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,5 @@ variable "GO_VERSION" { - default = "1.19.6" + default = "1.19.7" } variable "VERSION" { default = "" diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index 981db58d11..f85ed3f80d 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.19.6 +ARG GO_VERSION=1.19.7 ARG ALPINE_VERSION=3.16 ARG BUILDX_VERSION=0.10.3 diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index a4e355c03d..3cd740c9f7 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.19.6 +ARG GO_VERSION=1.19.7 ARG ALPINE_VERSION=3.16 ARG GOLANGCI_LINT_VERSION=v1.49.0