diff options
| author | Sebastiaan van Stijn <github@gone.nl> | 2023-03-10 10:16:50 +0100 |
|---|---|---|
| committer | Sebastiaan van Stijn <github@gone.nl> | 2023-03-10 10:18:11 +0100 |
| commit | 02dec48babfe8342eb22c0c200309e779415261d (patch) | |
| tree | b02fe825b20927df760b132fd7877bf08924fa26 /Dockerfile.simple | |
| parent | 40ff225b8e763ace154243fe99828e5a04bfe7b2 (diff) | |
| download | docker-02dec48babfe8342eb22c0c200309e779415261d.tar.gz | |
update to go1.20.2
Includes a security fix for crypto/elliptic (CVE-2023-24532).
> go1.20.2 (released 2023-03-07) includes a security fix to the crypto/elliptic package,
> as well as bug fixes to the compiler, the covdata command, the linker, the runtime, and
> the crypto/ecdh, crypto/rsa, crypto/x509, os, and syscall packages.
> See the Go 1.20.2 milestone on our issue tracker for details.
https://go.dev/doc/devel/release#go1.20.minor
From the announcement:
> We have just released Go versions 1.20.2 and 1.19.7, minor point releases.
>
> These minor releases include 1 security fixes following the security policy:
>
> - crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results
>
> The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an
> incorrect result if called with some specific unreduced scalars (a scalar larger
> than the order of the curve).
>
> This does not impact usages of crypto/ecdsa or crypto/ecdh.
>
> This is CVE-2023-24532 and Go issue https://go.dev/issue/58647.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Diffstat (limited to 'Dockerfile.simple')
| -rw-r--r-- | Dockerfile.simple | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Dockerfile.simple b/Dockerfile.simple index cc7d94a3e6..bc2d500d19 100644 --- a/Dockerfile.simple +++ b/Dockerfile.simple @@ -5,7 +5,7 @@ # This represents the bare minimum required to build and test Docker. -ARG GO_VERSION=1.20.1 +ARG GO_VERSION=1.20.2 ARG BASE_DEBIAN_DISTRO="bullseye" ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}" |