esp-idf/components/freertos/FreeRTOS-Kernel/sbom.yml

name: 'freertos'
version: '10.4.3'
cpe: cpe:2.3:o:amazon:freertos:{}:*:*:*:*:*:*:*
supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
originator: 'Organization: Amazon Web Services'
description: An open-source, real-time operating system (RTOS) with additional features and patches from Espressif.
cve-exclude-list:
  - cve: CVE-2021-43997
    reason: This vulnerability only affects ARMv7-M and ARMv8-M ports of FreeRTOS and hence does not affect Espressif SoCs which are not based on these architectures.
  - cve: CVE-2024-28115
    reason: Affects only ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled
feat(freertos): Added SBOM manifest file for SPDX file generation This commit adds the SBOM manifest file for the FreeRTOS-Kernel to aid SPDX file generation. 2023-09-04 23:37:41 -04:00			`name: 'freertos'`
			`version: '10.4.3'`
			`cpe: cpe:2.3:o:amazon:freertos:{}:::::::*`
			`supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'`
			`originator: 'Organization: Amazon Web Services'`
			`description: An open-source, real-time operating system (RTOS) with additional features and patches from Espressif.`
			`cve-exclude-list:`
			`- cve: CVE-2021-43997`
			`reason: This vulnerability only affects ARMv7-M and ARMv8-M ports of FreeRTOS and hence does not affect Espressif SoCs which are not based on these architectures.`
change: exclude CVEs that do not impact ESP-IDF components cJSON: CVE-2024-31755 - Resolved in cJSON v1.7.18 FreeRTOS: CVE-2024-28115 - Affects only ARMv7-M MPU ports, and ARMv8-M ports Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> 2024-08-01 06:24:47 -04:00			`- cve: CVE-2024-28115`
			`reason: Affects only ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled`