From 8ff99f0c1a11f3487f3fd2be4d68fdd7aa8f91ab Mon Sep 17 00:00:00 2001
From: Mickael Remond <mremond@process-one.net>
Date: Wed, 7 Dec 2016 19:26:19 +0100
Subject: [PATCH] Use stable expat to fix CVE-2016-4472

---
 ejabberd-mix/Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ejabberd-mix/Dockerfile b/ejabberd-mix/Dockerfile
index 6c89602..0076628 100644
--- a/ejabberd-mix/Dockerfile
+++ b/ejabberd-mix/Dockerfile
@@ -4,12 +4,13 @@ MAINTAINER ProcessOne <contact@process-one.net>
 RUN echo \
   # Replacing default repositories with edge ones as we need Elixir 1.3.x
   # Previous version of Elixir do not handle our deps properly
-  && echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" > /etc/apk/repositories \
+  && echo @stable "http://dl-cdn.alpinelinux.org/alpine/v3.4/main" > /etc/apk/repositories \
+  && echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
   && echo "http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories \
   && echo "http://dl-cdn.alpinelinux.org/alpine/edge/main" >> /etc/apk/repositories && \
 
   # Install elixir from apk
-  apk add --no-cache build-base git zlib-dev openssl-dev yaml-dev expat-dev \
+  apk add --no-cache build-base git zlib-dev openssl-dev yaml-dev expat-dev@stable \
    elixir erlang-crypto erlang-syntax-tools erlang-parsetools \
    erlang-eunit erlang-mnesia