espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-29 18:27:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'change/exclude_cves_v5.0' into 'release/v5.0'

Browse Source 
change: exclude CVEs that do not impact ESP-IDF components (v5.0)

See merge request espressif/esp-idf!32662
This commit is contained in:
Jiang Jiang Jian
2024-08-15 16:00:31 +08:00
parent 08fc43a63d 8027ab8398
commit a08133327d
2 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitmodules vendored
View File

@ -55,6 +55,7 @@
sbom-url = https://github.com/DaveGamble/cJSON
sbom-description = Ultralightweight JSON parser in ANSI C
sbom-hash = acc76239bee01d8e9c858ae2cab296704e52d916
sbom-cve-exclude-list = CVE-2024-31755 Resolved in v1.7.18
[submodule "components/mbedtls/mbedtls"]
path = components/mbedtls/mbedtls

2
components/freertos/FreeRTOS-Kernel/sbom.yml
View File

@ -7,3 +7,5 @@ description: An open-source, real-time operating system (RTOS) with additional f
cve-exclude-list:
- cve: CVE-2021-43997
reason: This vulnerability only affects ARMv7-M and ARMv8-M ports of FreeRTOS and hence does not affect Espressif SoCs which are not based on these architectures.
- cve: CVE-2024-28115
reason: Affects only ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled