From a916bfef8da636974e56dfd908a94462a48afa45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9ophile=20Diot?= <tdiot@bunkerity.com>
Date: Tue, 21 May 2024 15:18:48 +0100
Subject: [PATCH] Fix CVE CVE-2024-4603

---
 src/autoconf/Dockerfile | 1 +
 src/ui/Dockerfile       | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/autoconf/Dockerfile b/src/autoconf/Dockerfile
index 76fbde2e1..e250737b2 100644
--- a/src/autoconf/Dockerfile
+++ b/src/autoconf/Dockerfile
@@ -62,6 +62,7 @@ RUN apk add --no-cache bash && \
 
 # Fix CVEs
 RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366
+RUN apk add --no-cache "libcrypto3>=3.1.5-r0" "libssl3>=3.1.5-r0" # CVE-2024-4603
 
 LABEL maintainer "Bunkerity <contact@bunkerity.com>"
 LABEL version "1.5.7"
diff --git a/src/ui/Dockerfile b/src/ui/Dockerfile
index 042fde888..7f9af3bb3 100644
--- a/src/ui/Dockerfile
+++ b/src/ui/Dockerfile
@@ -63,6 +63,7 @@ RUN apk add --no-cache bash unzip libmagic mariadb-client postgresql-client sqli
 
 # Fix CVEs
 RUN apk add --no-cache "busybox>=1.36.1-r17" "busybox-binsh>=1.36.1-r17" "ssl_client>=1.36.1-r17" # CVE-2023-42363 CVE-2023-42364 CVE-2023-42365 CVE-2023-42366
+RUN apk add --no-cache "libcrypto3>=3.1.5-r0" "libssl3>=3.1.5-r0" # CVE-2024-4603
 
 LABEL maintainer "Bunkerity <contact@bunkerity.com>"
 LABEL version "1.5.7"