fix: upgrade gpgv in squid container to address CVE-2025-68973 (#757)

Mossaka · claude · web-flow · commit 311ab0cb2573 · 2026-02-12T14:06:35.000-08:00
The squid container's base image includes gpgv 2.4.4-2ubuntu17.3 which
is vulnerable to an information disclosure and potential arbitrary code
execution via out-of-bounds write. Adding an explicit upgrade step
ensures gpgv is updated to the patched version (2.4.4-2ubuntu17.4+).

Co-authored-by: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/containers/squid/Dockerfile b/containers/squid/Dockerfile
@@ -5,6 +5,7 @@ FROM ubuntu/squid:latest
 RUN set -eux; \
     PKGS="curl dnsutils net-tools netcat-openbsd openssl squid-openssl"; \
     apt-get update && \
+    apt-get install -y --only-upgrade gpgv && \
     ( apt-get install -y --no-install-recommends $PKGS || \
       (rm -rf /var/lib/apt/lists/* && apt-get update && \
        apt-get install -y --no-install-recommends $PKGS) ) && \
