Update suppression of CVE-2021-22569

author: Albin <albin@mullvad.net> 2022-12-08 09:50:47 +0100
committer: Albin <albin@mullvad.net> 2022-12-08 15:38:34 +0100
commit: b4de104fcd33bd45b0e85b8b082e5b38236efa92 (patch)
tree: aa3e25d0fd9b184fe96e67bac15c7d7eaad872ec /android/config
parent: 3abd2d1fc878985185a1a14254914b2041654034 (diff)
download: mullvadvpn-b4de104fcd33bd45b0e85b8b082e5b38236efa92.tar.xz
mullvadvpn-b4de104fcd33bd45b0e85b8b082e5b38236efa92.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
index afc1b5ea89..29a8839744 100644
--- a/android/config/dependency-check-suppression.xml
+++ b/android/config/dependency-check-suppression.xml
@@ -2,10 +2,12 @@
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
     <suppress>
         <notes><![CDATA[
-        This CVE is a false positive as javalite isn't affected according to:
-        https://cloud.google.com/support/bulletins#gcp-2022-001
+        This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+        checks and tracking externally.
+
+        File name: protobuf-lite-3.0.1.jar
         ]]></notes>
-        <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl>
+        <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-lite@.*$</packageUrl>
         <cve>CVE-2021-22569</cve>
     </suppress>
     <suppress>
author	Albin <albin@mullvad.net>	2022-12-08 09:50:47 +0100
committer	Albin <albin@mullvad.net>	2022-12-08 15:38:34 +0100
commit	b4de104fcd33bd45b0e85b8b082e5b38236efa92 (patch)
tree	aa3e25d0fd9b184fe96e67bac15c7d7eaad872ec /android/config
parent	3abd2d1fc878985185a1a14254914b2041654034 (diff)
download	mullvadvpn-b4de104fcd33bd45b0e85b8b082e5b38236efa92.tar.xz mullvadvpn-b4de104fcd33bd45b0e85b8b082e5b38236efa92.zip