bdac0b38d9
Update Go runtime to 1.18.5 to address CVE-2022-32189.
Full diff: https://github.com/golang/go/compare/go1.18.4...go1.18.5
--------------------------------------------------------
From the security announcement:
https://groups.google.com/g/golang-announce/c/YqYYG87xB10
We have just released Go versions 1.18.5 and 1.17.13, minor point
releases.
These minor releases include 1 security fixes following the security
policy:
encoding/gob & math/big: decoding big.Float and big.Rat can panic
Decoding big.Float and big.Rat types can panic if the encoded message is
too short.
This is CVE-2022-32189 and Go issue https://go.dev/issue/53871.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.18.5
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6191b662b3)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
11 lines
246 B
Docker
11 lines
246 B
Docker
ARG GO_VERSION=1.18.5
|
|
|
|
FROM golang:${GO_VERSION}-alpine
|
|
|
|
RUN apk add -U git bash coreutils gcc musl-dev
|
|
|
|
ENV CGO_ENABLED=0 \
|
|
DISABLE_WARN_OUTSIDE_CONTAINER=1
|
|
WORKDIR /go/src/github.com/docker/cli
|
|
CMD ./scripts/build/binary
|