summaryrefslogtreecommitdiffhomepage
path: root/android/config
diff options
context:
space:
mode:
authorAlbin <albin@mullvad.net>2022-12-08 15:53:59 +0100
committerAlbin <albin@mullvad.net>2022-12-08 15:53:59 +0100
commit81c3e7fc12f29ceefb394f11d1486c83e847bcc7 (patch)
treec63536b3d957f5b778a5d70191fc1dfbdd48aaf7 /android/config
parent541bbf7c36e6c83ca7e88cc7ff859c8cefbde6c0 (diff)
parent8c6954d4c8d0638fe2b408c9147e56522cb79aa8 (diff)
downloadmullvadvpn-81c3e7fc12f29ceefb394f11d1486c83e847bcc7.tar.xz
mullvadvpn-81c3e7fc12f29ceefb394f11d1486c83e847bcc7.zip
Merge branch 'bump-android-project-to-java-11'
Diffstat (limited to 'android/config')
-rw-r--r--android/config/dependency-check-suppression.xml63
1 files changed, 56 insertions, 7 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
index 3aad669277..109347ab5a 100644
--- a/android/config/dependency-check-suppression.xml
+++ b/android/config/dependency-check-suppression.xml
@@ -2,23 +2,32 @@
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
- This CVE only affect Multiplatform Gradle Projects, which this project is not.
+ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+ checks and tracking externally.
+
+ File name: protobuf-lite-3.0.1.jar
]]></notes>
- <cve>CVE-2022-24329</cve>
+ <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-lite@.*$</packageUrl>
+ <cve>CVE-2021-22569</cve>
</suppress>
<suppress>
<notes><![CDATA[
- This CVE is a false positive as javalite isn't affected according to:
- https://cloud.google.com/support/bulletins#gcp-2022-001
+ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+ checks and tracking externally.
+
+ File name: protobuf-lite-3.0.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl>
- <cve>CVE-2021-22569</cve>
+ <cve>CVE-2022-3171</cve>
</suppress>
<suppress>
<notes><![CDATA[
- This CVE is tracked externally and is therefore suppressed in the automatic audit checks.
+ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+ checks and tracking externally.
+
+ File name: protobuf-lite-3.0.1.jar
]]></notes>
- <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl>
+ <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-lite@.*$</packageUrl>
<cve>CVE-2022-3171</cve>
</suppress>
<suppress>
@@ -36,4 +45,44 @@
<packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl>
<cve>CVE-2021-37533</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+ checks and tracking externally.
+
+ File name: guava-28.2-android.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
+ <cve>CVE-2020-8908</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+ checks and tracking externally.
+
+ File name: guava-28.2-android.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
+ <cve>CVE-2020-8908</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+ checks and tracking externally.
+
+ File name: jsoup-1.12.2.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.jsoup/jsoup@.*$</packageUrl>
+ <cve>CVE-2021-37714</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+ checks and tracking externally.
+
+ File name: jsoup-1.12.2.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.jsoup/jsoup@.*$</packageUrl>
+ <cve>CVE-2022-36033</cve>
+ </suppress>
</suppressions>