From e3a98c83c5d5552a47d3ae1fb6cab5a0c86cf117 Mon Sep 17 00:00:00 2001
From: "Jiaxiao (mossaka) Zhou"
Date: Thu, 12 Feb 2026 20:12:19 +0000
Subject: [PATCH] fix: upgrade gpgv in squid container to address CVE-2025-68973 The squid container's base image includes gpgv 2.4.4-2ubuntu17.3 which is vulnerable to an information disclosure and potential arbitrary code execution via out-of-bounds write. Adding an explicit upgrade step ensures gpgv is updated to the patched version (2.4.4-2ubuntu17.4+).
Co-Authored-By: Claude Opus 4.6
---
 containers/squid/Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/containers/squid/Dockerfile b/containers/squid/Dockerfile
index 3df7040f..c5a695ee 100644
--- a/containers/squid/Dockerfile
+++ b/containers/squid/Dockerfile
@@ -5,6 +5,7 @@ FROM ubuntu/squid:latest
 RUN set -eux; \
 PKGS="curl dnsutils net-tools netcat-openbsd openssl squid-openssl"; \
 apt-get update && \
+ apt-get install -y --only-upgrade gpgv && \
 ( apt-get install -y --no-install-recommends $PKGS || \
 (rm -rf /var/lib/apt/lists/* && apt-get update && \
 apt-get install -y --no-install-recommends $PKGS) ) && \
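Review bot: The added `apt-get install -y --only-upgrade gpgv` never verifies that the patched version was actually installed. It exits 0 when the configured mirrors offer no newer candidate, or when gpgv is not installed at all, so an image can still ship the version the description calls vulnerable while the build passes. Because the base is the floating `ubuntu/squid:latest`, the result also depends on whatever the tag and the package index resolve to at build time. I would follow the upgrade with an assertion that fails the build, for example `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' gpgv)" ge 2.4.4-2ubuntu17.4 && \`, using the fixed version named in the description. The new step also sits outside the stale-list retry group that wraps the `$PKGS` install, so a transient index failure aborts the chain before the fallback runs. The RUN instruction continues past the end of the hunk.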