Merge branch 'change/exclude_cves_v5.3' into 'release/v5.3'
change: exclude CVEs that do not impact ESP-IDF components (v5.3)

See merge request espressif/esp-idf!32659
jack0c committed Aug 19, 2024
2 parents 24c6528 + 1f06765 commit 1f37d12
Showing 2 changed files with 4 additions and 0 deletions.
1 change: 1 addition & 0 deletions .gitmodules
Expand Up @@ -55,6 +55,7 @@
sbom-url = https://github.com/DaveGamble/cJSON
sbom-description = Ultralightweight JSON parser in ANSI C
sbom-hash = acc76239bee01d8e9c858ae2cab296704e52d916
sbom-cve-exclude-list = CVE-2024-31755 Resolved in v1.7.18

[submodule "components/mbedtls/mbedtls"]
path = components/mbedtls/mbedtls
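
Review bot: on the added `sbom-cve-exclude-list = CVE-2024-31755 Resolved in v1.7.18` line, the reason names a fixed upstream version, but nothing in the visible lines ties the pinned `sbom-hash = acc76239bee01d8e9c858ae2cab296704e52d916` to v1.7.18 or later, so the exclusion cannot be checked from this hunk alone. Please say in the reason or the commit message that the pinned commit contains the fix. The CVE ID and the free-text reason also share a single value separated only by whitespace, unlike the separate `cve:` and `reason:` keys used in sbom.yml; a short comment on the expected format would help whoever edits this list next.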
3 changes: 3 additions & 0 deletions components/freertos/FreeRTOS-Kernel/sbom.yml
Expand Up @@ -4,3 +4,6 @@ cpe: cpe:2.3:o:amazon:freertos:{}:*:*:*:*:*:*:*
supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
originator: 'Organization: Amazon Web Services'
description: An open-source, real-time operating system (RTOS) with additional features and patches from Espressif.
cve-exclude-list:
- cve: CVE-2024-28115
reason: Affects only ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled
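
Review bot: the `reason:` given for CVE-2024-28115 lists which ports are affected but never states the conclusion the exclusion relies on, which is that ESP-IDF does not use those ports (ARMv7-M MPU, or ARMv8-M with MPU support enabled). Suggest making that explicit in the reason text so someone auditing the SBOM does not have to infer it. Minor wording: "Memory Protected Unit" should read "Memory Protection Unit".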
