Merge branch 'suppress-CVE-2024-23080'

author: Albin <albin@mullvad.net> 2024-04-15 10:34:43 +0200
committer: Albin <albin@mullvad.net> 2024-04-15 10:34:43 +0200
commit: fda323c7f8b7e6cba296561972bc99b3148c415f (patch)
tree: 38dfc7493e1566c34076060e6e8cf57d04f33f6a
parent: 0eab341d402cbba88b82886ed6e5c76b47904677 (diff)
parent: ef57b79fad0a8c512b22a4ea729f5513b574a986 (diff)
download: mullvadvpn-fda323c7f8b7e6cba296561972bc99b3148c415f.tar.xz
mullvadvpn-fda323c7f8b7e6cba296561972bc99b3148c415f.zip
2 files changed, 18 insertions, 0 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
index b8712349ed..6a9729d705 100644
--- a/android/config/dependency-check-suppression.xml
+++ b/android/config/dependency-check-suppression.xml
@@ -68,4 +68,13 @@
         <packageUrl regex="true">^pkg:maven/androidx\.test\.services/storage@.*$</packageUrl>
         <cve>CVE-2014-9152</cve>
     </suppress>
+    <suppress until="2024-05-01Z">
+        <notes><![CDATA[
+            Suppressing since the affected function isn't used in this project. No upstream fixes
+            are available at the time of adding this suppression.
+            https://nvd.nist.gov/vuln/detail/CVE-2024-23080
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/joda-time/joda-time@.*$</packageUrl>
+        <cve>CVE-2024-23080</cve>
+    </suppress>
 </suppressions>
diff --git a/android/test/test-suppression.xml b/android/test/test-suppression.xml
index 5932bda92e..adebd4c116 100644
--- a/android/test/test-suppression.xml
+++ b/android/test/test-suppression.xml
@@ -118,4 +118,13 @@
         <packageUrl regex="true">^pkg:maven/androidx\.test\.services/storage@.*$</packageUrl>
         <cve>CVE-2014-9152</cve>
     </suppress>
+    <suppress until="2024-05-01Z">
+        <notes><![CDATA[
+            Suppressing since the affected function isn't used in this project. No upstream fixes
+            are available at the time of adding this suppression.
+            https://nvd.nist.gov/vuln/detail/CVE-2024-23080
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/joda-time/joda-time@.*$</packageUrl>
+        <cve>CVE-2024-23080</cve>
+    </suppress>
 </suppressions>
author	Albin <albin@mullvad.net>	2024-04-15 10:34:43 +0200
committer	Albin <albin@mullvad.net>	2024-04-15 10:34:43 +0200
commit	fda323c7f8b7e6cba296561972bc99b3148c415f (patch)
tree	38dfc7493e1566c34076060e6e8cf57d04f33f6a
parent	0eab341d402cbba88b82886ed6e5c76b47904677 (diff)
parent	ef57b79fad0a8c512b22a4ea729f5513b574a986 (diff)
download	mullvadvpn-fda323c7f8b7e6cba296561972bc99b3148c415f.tar.xz mullvadvpn-fda323c7f8b7e6cba296561972bc99b3148c415f.zip