Bump Golang 1.10.6 (CVE-2018-16875)

go1.10.6 (released 2018/12/14) - crypto/x509: CPU denial of service in chain validation golang/go#29233 - cmd/go: directory traversal in "go get" via curly braces in import paths golang/go#29231 - cmd/go: remote command execution during "go get -u" golang/go#29230 See the Go 1.10.6 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.10.6 Signed-off-by: Sebastiaan van Stijn <[email protected]> Upstream-commit: 8afe9f422dc0183ce48e1db09189ccbde634080a Component: engine
docker-archive · Dec 13, 2018 · 3e10549 · 3e10549
1 parent b412443
commit 3e10549
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 5 deletions.
diff --git a/components/engine/Dockerfile b/components/engine/Dockerfile
@@ -24,10 +24,10 @@
 # the case. Therefore, you don't have to disable it anymore.
 #
 
-FROM golang:1.10.5 AS base
+FROM golang:1.10.6 AS base
 # FIXME(vdemeester) this is kept for other script depending on it to not fail right away
 # Remove this once the other scripts uses something else to detect the version
-ENV GO_VERSION 1.10.5
+ENV GO_VERSION 1.10.6
 # allow replacing httpredir or deb mirror
 ARG APT_MIRROR=deb.debian.org
 RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list

diff --git a/components/engine/Dockerfile.e2e b/components/engine/Dockerfile.e2e
@@ -1,5 +1,5 @@
 ## Step 1: Build tests
-FROM golang:1.10.5-alpine3.7 as builder
+FROM golang:1.10.6-alpine3.7 as builder
 
 RUN apk add --update \
     bash \

diff --git a/components/engine/Dockerfile.simple b/components/engine/Dockerfile.simple
@@ -42,7 +42,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 #            will need updating, to avoid errors. Ping #docker-maintainers on IRC
 #            with a heads-up.
 # IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
-ENV GO_VERSION 1.10.5
+ENV GO_VERSION 1.10.6
 RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
 	| tar -xzC /usr/local
 ENV PATH /go/bin:/usr/local/go/bin:$PATH

diff --git a/components/engine/Dockerfile.windows b/components/engine/Dockerfile.windows
@@ -161,7 +161,7 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref
 # Environment variable notes:
 #  - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
 #  - FROM_DOCKERFILE is used for detection of building within a container.
-ENV GO_VERSION=1.10.5 `
+ENV GO_VERSION=1.10.6 `
     GIT_VERSION=2.11.1 `
     GOPATH=C:\go `
     FROM_DOCKERFILE=1