| author | Oskar <oskar@mullvad.net> | 2024-08-15 17:37:08 +0200 |
|---|---|---|
| committer | Oskar <oskar@mullvad.net> | 2024-08-15 17:37:08 +0200 |
| commit | 605e43f2b4aac34a00390cd7afa6e9393c86f665 (patch) | |
| tree | b3973927de0d2807346c492f55e8ce6b81f450b2 | |
| parent | c48ea670e01399b2fb578816808c2d2bca66b4eb (diff) | |
| parent | 70cdb2eb9666088c1313ac0d61836dcd3959199d (diff) | |
Merge branch 'suppress-elliptic-vulnerabilities'
| -rw-r--r-- | gui/osv-scanner.toml | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/gui/osv-scanner.toml b/gui/osv-scanner.toml
index cef97fe2d8..968158fa7c 100644
--- a/gui/osv-scanner.toml
+++ b/gui/osv-scanner.toml
@@ -24,3 +24,21 @@ reason = "This project does not use PostCSS to parse untrusted CSS"
 id = "CVE-2024-4068" # GHSA-grv7-fg5c-xmjg
 ignoreUntil = 2024-09-05
 reason = "This package is only used to match paths from either us or trusted libraries"
+
+# elliptic: Elliptic allows BER-encoded signatures
+[[IgnoredVulns]]
+id = "CVE-2024-42461" # GHSA-49q7-c7j4-3p7m
+ignoreUntil = 2024-10-15
+reason = "We don't utilize the signing features in browserify"
+
+# elliptic: Elliptic's ECDSA missing check for whether leading bit of r and s is zero
+[[IgnoredVulns]]
+id = "CVE-2024-42460" # GHSA-977x-g7h5-7qgw
+ignoreUntil = 2024-10-15
+reason = "We don't utilize the signing features in browserify"
+
+# elliptic: Elliptic's EDDSA missing signature length check
+[[IgnoredVulns]]
+id = "CVE-2024-42459" # GHSA-f7q4-pwc6-w24p
+ignoreUntil = 2024-10-15
+reason = "We don't utilize the signing features in browserify"
|
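Review bot: The `reason` on all three new entries (CVE-2024-42461, CVE-2024-42460, CVE-2024-42459) only rules out signing, while the advisory titles in the comments above each entry describe checks on incoming signatures (BER encoding accepted, leading bit of r and s, signature length), which reads as the verification path rather than signing. If the actual claim is that nothing reachable in the GUI signs or verifies with elliptic, the suppression should state that, e.g. `reason = "elliptic is only pulled in through browserify; we neither sign nor verify signatures with it"`, once that has been confirmed against the dependency tree. The `ignoreUntil = 2024-10-15` expiry forces a re-review, which is good. A one-line comment naming the package that pulls elliptic in would make that re-review quicker and show when the ignore can be dropped in favour of an upgrade.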
