diff options
| author | Albin <albin@mullvad.net> | 2022-12-13 16:36:07 +0100 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2022-12-13 16:40:56 +0100 |
| commit | c23df87ff647d6876e21c0721560e7b4fafbb215 (patch) | |
| tree | 31fc27ef346cd2819b0e9dcc8d37e3419f099952 | |
| parent | 6b453da9f644dbb409b1fa47f9804b0eb42b19e8 (diff) | |
| download | mullvadvpn-c23df87ff647d6876e21c0721560e7b4fafbb215.tar.xz mullvadvpn-c23df87ff647d6876e21c0721560e7b4fafbb215.zip | |
Set CVE suppression expiration to 2023-05-01
| -rw-r--r-- | android/config/dependency-check-suppression.xml | 16 | ||||
| -rw-r--r-- | android/e2e/e2e-suppression.xml | 14 |
2 files changed, 15 insertions, 15 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml index ea6bc8c6ce..590a2a5793 100644 --- a/android/config/dependency-check-suppression.xml +++ b/android/config/dependency-check-suppression.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. @@ -10,7 +10,7 @@ <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-lite@.*$</packageUrl> <cve>CVE-2021-22569</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. @@ -21,7 +21,7 @@ <cve>CVE-2022-3171</cve> <cve>CVE-2022-3510</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. @@ -31,7 +31,7 @@ <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-lite@.*$</packageUrl> <cve>CVE-2022-3171</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE affects the Apache Commons Net's FTP client that this app doesn't use. https://www.openwall.com/lists/oss-security/2022/12/03/1 @@ -46,7 +46,7 @@ <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl> <cve>CVE-2021-37533</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. @@ -56,7 +56,7 @@ <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl> <cve>CVE-2020-8908</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. @@ -66,7 +66,7 @@ <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl> <cve>CVE-2020-8908</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. @@ -76,7 +76,7 @@ <packageUrl regex="true">^pkg:maven/org\.jsoup/jsoup@.*$</packageUrl> <cve>CVE-2021-37714</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. diff --git a/android/e2e/e2e-suppression.xml b/android/e2e/e2e-suppression.xml index 767dc638df..fcc7c35c01 100644 --- a/android/e2e/e2e-suppression.xml +++ b/android/e2e/e2e-suppression.xml @@ -4,7 +4,7 @@ CVEs in the e2e project are deemed less severe than CVEs in the main projects as CVEs in the e2e project doesn't affect release or debug versions of the app. --> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE is tracked externally and is therefore suppressed in the automatic audit checks. ]]></notes> @@ -12,7 +12,7 @@ <cve>CVE-2022-3171</cve> <cve>CVE-2022-3510</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE is tracked externally and is therefore suppressed in the automatic audit checks. ]]></notes> @@ -22,7 +22,7 @@ <cve>CVE-2022-3510</cve> <cve>CVE-2021-22569</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE affects the Apache Commons Net's FTP client that this app doesn't use. https://www.openwall.com/lists/oss-security/2022/12/03/1 @@ -37,7 +37,7 @@ <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl> <cve>CVE-2021-37533</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE is tracked externally and is therefore suppressed in the automatic audit checks. https://nvd.nist.gov/vuln/detail/CVE-2021-29425 @@ -47,7 +47,7 @@ <packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@.*$</packageUrl> <cve>CVE-2021-29425</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE is tracked externally and is therefore suppressed in the automatic audit checks. ]]></notes> @@ -61,7 +61,7 @@ <cve>CVE-2022-24823</cve> <cve>CVE-2022-41915</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE is tracked externally and is therefore suppressed in the automatic audit checks. https://nvd.nist.gov/vuln/detail/CVE-2022-25647 @@ -71,7 +71,7 @@ <packageUrl regex="true">^pkg:maven/com\.google\.code\.gson/gson@.*$</packageUrl> <cve>CVE-2022-25647</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only affect Multiplatform Gradle Projects, which this project is not. https://nvd.nist.gov/vuln/detail/CVE-2022-24329 |