Commit 8eb32c1
UID2-7376: upgrade p11-kit to patch CVE-2026-2100
The Alpine 3.23 base layer ships p11-kit and p11-kit-trust 0.25.5-r2,
which are vulnerable to CVE-2026-2100 (HIGH) - a NULL pointer dereference
via C_DeriveKey. The fixed version 0.26.2-r0 is available in the Alpine
v3.23 repo, but the latest eclipse-temurin base image has not yet picked
it up, so we upgrade explicitly at build time. Both subpackages must be
listed because upgrading p11-kit alone leaves p11-kit-trust vulnerable.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>1 parent 65ffdc6 commit 8eb32c1
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
16 | 16 | | |
17 | 17 | | |
18 | 18 | | |
19 | | - | |
| 19 | + | |
20 | 20 | | |
21 | 21 | | |
22 | 22 | | |
| |||
0 commit comments