| author | Jonatan Rhodin <jonatan.rhodin@mullvad.net> | 2024-09-20 15:36:23 +0200 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2024-09-23 10:35:12 +0200 |
| commit | 4d571edcf3d9f4a9af759c293a1d1f1eb55095df (patch) | |
| tree | 82d4d261321bd250e2cc0e885321202b793b91ec /android | |
| parent | 5cadd01fe2b9b1b24942328002bafa2c565522c2 (diff) | |
| download | mullvadvpn-4d571edcf3d9f4a9af759c293a1d1f1eb55095df.tar.xz mullvadvpn-4d571edcf3d9f4a9af759c293a1d1f1eb55095df.zip | |
Suppress CVE-2024-7254
Diffstat (limited to 'android')
| -rw-r--r-- | android/config/dependency-check-suppression.xml | 9 | ||||
| -rw-r--r-- | android/gradle/osv-scanner.toml | 5 | ||||
| -rw-r--r-- | android/test/test-suppression.xml | 9 |
3 files changed, 23 insertions, 0 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
index ae30e89fff..2462a467ba 100644
--- a/android/config/dependency-check-suppression.xml
+++ b/android/config/dependency-check-suppression.xml
@@ -40,4 +40,13 @@
 <packageUrl regex="true">^pkg:maven/commons\-validator/commons\-validator@.*$</packageUrl>
 <cve>CVE-2021-3765</cve>
 </suppress>
+ <suppress until="2024-12-01Z">
+ <notes><![CDATA[
+ Denial of service using protobuf.
+ Should not be applicable since client and server are always in sync and we are only
+ communicating locally over UDS.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-.*@.*$</packageUrl>
+ <cve>CVE-2024-7254</cve>
+ </suppress>
 </suppressions>
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml
index 53491f8485..ce19dcfe26 100644
--- a/android/gradle/osv-scanner.toml
+++ b/android/gradle/osv-scanner.toml
@@ -68,6 +68,11 @@ id = "CVE-2022-24329" # GHSA-2qp4-g3q3-f92w
 ignoreUntil = 2024-11-02
 reason = "This CVE only affect Multiplatform Gradle Projects, which this project is not."
+[[IgnoredVulns]]
+id = "CVE-2024-7254" # GHSA-735f-pc8j-v9w8
+ignoreUntil = 2024-11-02
+reason = "Should not be applicable since client and server are always in sync and we are only communicating locally over UDS."
+
 [[PackageOverrides]]
 name = "org.bouncycastle:bcprov-jdk15on"
 ecosystem = "Maven"
diff --git a/android/test/test-suppression.xml b/android/test/test-suppression.xml
index fac53625c9..cb6bd25a19 100644
--- a/android/test/test-suppression.xml
+++ b/android/test/test-suppression.xml
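Review bot: The `<notes>` text in the new `<suppress>` entry of android/config/dependency-check-suppression.xml justifies the suppression by schema agreement ("client and server are always in sync"), but for a denial of service triggered by a crafted message the load-bearing assumption is who is able to write to the Unix domain socket, and the notes do not state that. I would add a line such as `Only <socket owner/permissions> can connect to the UDS, so no untrusted peer reaches the parser.` so the next reviewer can re-check the claim when the entry expires. The `packageUrl` regex `^pkg:maven/com\.google\.protobuf/protobuf-.*@.*$` covers every protobuf artifact at every version, so any protobuf use added later that parses non-local data would be silenced as well until `2024-12-01Z`; narrowing it to the artifacts actually in the dependency tree would limit that. The identical entry added to android/test/test-suppression.xml has the same two points.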
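Review bot: The new `[[IgnoredVulns]]` entry for CVE-2024-7254 in android/gradle/osv-scanner.toml expires on `ignoreUntil = 2024-11-02`, while the XML suppressions added for the same CVE in this commit use `until="2024-12-01Z"`, so the two scanners will resurface the finding a month apart. The earlier date matches the neighbouring CVE-2022-24329 entry, so it may be a shared review date; if so, the XML entries could use it too, otherwise align this one. The `reason` also omits what the finding is, unlike the XML notes; `reason = "Denial of service using protobuf. Should not be applicable since ..."` would keep the entry readable on its own.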
@@ -17,4 +17,13 @@
 <cve>CVE-2023-33953</cve>
 <cve>CVE-2023-44487</cve>
 </suppress>
+ <suppress until="2024-12-01Z">
+ <notes><![CDATA[
+ Denial of service using protobuf.
+ Should not be applicable since client and server are always in sync and we are only
+ communicating locally over UDS.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-.*@.*$</packageUrl>
+ <cve>CVE-2024-7254</cve>
+ </suppress>
 </suppressions> |
