Suppress gRPC CVEs

These CVEs are a combination of a false-positive and CVEs not affecting our app.
author: Albin <albin@mullvad.net> 2024-06-07 11:23:58 +0200
committer: Albin <albin@mullvad.net> 2024-06-07 11:29:00 +0200
commit: b6099763bd38e16c9b6ded06be180f971818db35 (patch)
tree: c1c2b8f83b25434095f55d9df572571a90edfa4e /android/test
parent: 33be62329b449c54cef482c6578fb0b0bc92dc72 (diff)
download: mullvadvpn-b6099763bd38e16c9b6ded06be180f971818db35.tar.xz
mullvadvpn-b6099763bd38e16c9b6ded06be180f971818db35.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/android/test/test-suppression.xml b/android/test/test-suppression.xml
index ef8f8c4702..fac53625c9 100644
--- a/android/test/test-suppression.xml
+++ b/android/test/test-suppression.xml
@@ -8,4 +8,13 @@
         <packageUrl regex="true">^pkg:maven/androidx\.test\.services/storage@.*$</packageUrl>
         <cve>CVE-2014-9152</cve>
     </suppress>
+    <suppress until="2024-12-01Z">
+        <notes><![CDATA[
+            No impact on this app since it uses UDS rather than HTTP2.
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/io\.grpc/grpc.*-stub@.*$</packageUrl>
+        <cve>CVE-2023-32732</cve>
+        <cve>CVE-2023-33953</cve>
+        <cve>CVE-2023-44487</cve>
+    </suppress>
 </suppressions>
author	Albin <albin@mullvad.net>	2024-06-07 11:23:58 +0200
committer	Albin <albin@mullvad.net>	2024-06-07 11:29:00 +0200
commit	b6099763bd38e16c9b6ded06be180f971818db35 (patch)
tree	c1c2b8f83b25434095f55d9df572571a90edfa4e /android/test
parent	33be62329b449c54cef482c6578fb0b0bc92dc72 (diff)
download	mullvadvpn-b6099763bd38e16c9b6ded06be180f971818db35.tar.xz mullvadvpn-b6099763bd38e16c9b6ded06be180f971818db35.zip