update to go1.19.7

Includes a security fix for crypto/elliptic (CVE-2023-24532).

> go1.19.7 (released 2023-03-07) includes a security fix to the crypto/elliptic
> package, as well as bug fixes to the linker, the runtime, and the crypto/x509
> and syscall packages. See the Go 1.19.7 milestone on our issue tracker for
> details.

https://go.dev/doc/devel/release#go1.19.minor

From the announcement:

> We have just released Go versions 1.20.2 and 1.19.7, minor point releases.
>
> These minor releases include 1 security fixes following the security policy:
>
> - crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results
    >
    >   The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an
    >   incorrect result if called with some specific unreduced scalars (a scalar larger
    >   than the order of the curve).
    >
    >   This does not impact usages of crypto/ecdsa or crypto/ecdh.
>
> This is CVE-2023-24532 and Go issue https://go.dev/issue/58647.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2023-03-10 10:22:54 +01:00
parent 677aac9011
commit 23da1cec6c
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
4 changed files with 4 additions and 4 deletions

View File

@ -1,7 +1,7 @@
# syntax=docker/dockerfile:1
ARG BASE_VARIANT=alpine
ARG GO_VERSION=1.19.6
ARG GO_VERSION=1.19.7
ARG ALPINE_VERSION=3.16
ARG XX_VERSION=1.1.1
ARG GOVERSIONINFO_VERSION=v1.3.0

View File

@ -1,5 +1,5 @@
variable "GO_VERSION" {
default = "1.19.6"
default = "1.19.7"
}
variable "VERSION" {
default = ""

View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
ARG GO_VERSION=1.19.6
ARG GO_VERSION=1.19.7
ARG ALPINE_VERSION=3.16
ARG BUILDX_VERSION=0.10.3

View File

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
ARG GO_VERSION=1.19.6
ARG GO_VERSION=1.19.7
ARG ALPINE_VERSION=3.16
ARG GOLANGCI_LINT_VERSION=v1.49.0