authorAlbin <albin@mullvad.net>2022-12-08 10:03:04 +0100
committerAlbin <albin@mullvad.net>2022-12-08 15:38:35 +0100
commit121fa076394e2a30c5d208413bb5d439986124d4 (patch)
tree1f7adc5a1f70d936756347cf516633ef2246f0b8
parentb4de104fcd33bd45b0e85b8b082e5b38236efa92 (diff)
Update suppression of CVE-2022-3171
-rw-r--r--android/config/dependency-check-suppression.xml15
1 files changed, 14 insertions, 1 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
index 29a8839744..a9d3168fcf 100644
--- a/android/config/dependency-check-suppression.xml
+++ b/android/config/dependency-check-suppression.xml
@@ -12,13 +12,26 @@
</suppress>
<suppress>
<notes><![CDATA[
- This CVE is tracked externally and is therefore suppressed in the automatic audit checks.
+ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+ checks and tracking externally.
+
+ File name: protobuf-lite-3.0.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl>
<cve>CVE-2022-3171</cve>
</suppress>
<suppress>
<notes><![CDATA[
+ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+ checks and tracking externally.
+
+ File name: protobuf-lite-3.0.1.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-lite@.*$</packageUrl>
+ <cve>CVE-2022-3171</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
This CVE affects the Apache Commons Net's FTP client that this app doesn't use.
https://www.openwall.com/lists/oss-security/2022/12/03/1