Suppress CVE-2021-4277

author: Albin <albin@mullvad.net> 2023-01-10 10:21:54 +0100
committer: Albin <albin@mullvad.net> 2023-01-10 13:48:23 +0100
commit: 290ca19d7f3f93553c5711e352baa93d8444b2ce (patch)
tree: 0973df99201573ec633d02a10f8bb4d0a526c8b4 /android
parent: 2611186bfbb356fbafea988152a473456b6e4fd5 (diff)
download: mullvadvpn-290ca19d7f3f93553c5711e352baa93d8444b2ce.tar.xz
mullvadvpn-290ca19d7f3f93553c5711e352baa93d8444b2ce.zip
2 files changed, 40 insertions, 0 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
index 6c2b87af56..95ac0f85c8 100644
--- a/android/config/dependency-check-suppression.xml
+++ b/android/config/dependency-check-suppression.xml
@@ -75,4 +75,24 @@
         <packageUrl regex="true">^pkg:maven/org\.jsoup/jsoup@.*$</packageUrl>
         <cve>CVE-2022-36033</cve>
     </suppress>
+    <suppress until="2023-06-01Z">
+        <notes><![CDATA[
+        This CVE is limited to processing of screenshots, which this app doesn't use.
+        https://nvd.nist.gov/vuln/detail/CVE-2021-4277
+
+        File name: legacy-support-core-utils-1.0.0.aar
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/androidx\.legacy/legacy\-support\-core\-utils@.*$</packageUrl>
+        <cve>CVE-2021-4277</cve>
+    </suppress>
+    <suppress until="2023-06-01Z">
+        <notes><![CDATA[
+        This CVE is limited to processing of screenshots, which this app doesn't use.
+        https://nvd.nist.gov/vuln/detail/CVE-2021-4277
+
+        File name: leakcanary-android-utils-2.10.aar
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.squareup\.leakcanary/leakcanary\-android\-utils@.*$</packageUrl>
+        <cve>CVE-2021-4277</cve>
+    </suppress>
 </suppressions>
diff --git a/android/e2e/e2e-suppression.xml b/android/e2e/e2e-suppression.xml
index 07836da418..2b57bc13e8 100644
--- a/android/e2e/e2e-suppression.xml
+++ b/android/e2e/e2e-suppression.xml
@@ -72,4 +72,24 @@
         <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib.*@.*$</packageUrl>
         <cve>CVE-2022-24329</cve>
     </suppress>
+    <suppress until="2023-06-01Z">
+        <notes><![CDATA[
+        This CVE is limited to processing of screenshots, which this app doesn't use.
+        https://nvd.nist.gov/vuln/detail/CVE-2021-4277
+
+        File name: legacy-support-core-utils-1.0.0.aar
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/androidx\.legacy/legacy\-support\-core\-utils@.*$</packageUrl>
+        <cve>CVE-2021-4277</cve>
+    </suppress>
+    <suppress until="2023-06-01Z">
+        <notes><![CDATA[
+        This CVE is limited to processing of screenshots, which this app doesn't use.
+        https://nvd.nist.gov/vuln/detail/CVE-2021-4277
+
+        File name: common-30.3.1.jar
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.android\.tools/common@.*$</packageUrl>
+        <cve>CVE-2021-4277</cve>
+    </suppress>
 </suppressions>
author	Albin <albin@mullvad.net>	2023-01-10 10:21:54 +0100
committer	Albin <albin@mullvad.net>	2023-01-10 13:48:23 +0100
commit	290ca19d7f3f93553c5711e352baa93d8444b2ce (patch)
tree	0973df99201573ec633d02a10f8bb4d0a526c8b4 /android
parent	2611186bfbb356fbafea988152a473456b6e4fd5 (diff)
download	mullvadvpn-290ca19d7f3f93553c5711e352baa93d8444b2ce.tar.xz mullvadvpn-290ca19d7f3f93553c5711e352baa93d8444b2ce.zip