diff options
| author | Albin <albin@mullvad.net> | 2022-12-08 09:50:47 +0100 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2022-12-08 15:38:34 +0100 |
| commit | b4de104fcd33bd45b0e85b8b082e5b38236efa92 (patch) | |
| tree | aa3e25d0fd9b184fe96e67bac15c7d7eaad872ec | |
| parent | 3abd2d1fc878985185a1a14254914b2041654034 (diff) | |
| download | mullvadvpn-b4de104fcd33bd45b0e85b8b082e5b38236efa92.tar.xz mullvadvpn-b4de104fcd33bd45b0e85b8b082e5b38236efa92.zip | |
Update suppression of CVE-2021-22569
| -rw-r--r-- | android/config/dependency-check-suppression.xml | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml index afc1b5ea89..29a8839744 100644 --- a/android/config/dependency-check-suppression.xml +++ b/android/config/dependency-check-suppression.xml @@ -2,10 +2,12 @@ <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> <suppress> <notes><![CDATA[ - This CVE is a false positive as javalite isn't affected according to: - https://cloud.google.com/support/bulletins#gcp-2022-001 + This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic + checks and tracking externally. + + File name: protobuf-lite-3.0.1.jar ]]></notes> - <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl> + <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-lite@.*$</packageUrl> <cve>CVE-2021-22569</cve> </suppress> <suppress> |