change: exclude CVEs that do not impact ESP-IDF components

cJSON:    CVE-2024-31755 - Resolved in cJSON v1.7.18
FreeRTOS: CVE-2024-28115 - Affects only ARMv7-M MPU ports, and ARMv8-M ports

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Frantisek Hrbata 2024-08-01 12:24:47 +02:00
parent 33b4d64918
commit 0fdb309d1e
2 changed files with 4 additions and 0 deletions

1
.gitmodules vendored

@ -55,6 +55,7 @@
sbom-url = https://github.com/DaveGamble/cJSON sbom-url = https://github.com/DaveGamble/cJSON
sbom-description = Ultralightweight JSON parser in ANSI C sbom-description = Ultralightweight JSON parser in ANSI C
sbom-hash = acc76239bee01d8e9c858ae2cab296704e52d916 sbom-hash = acc76239bee01d8e9c858ae2cab296704e52d916
sbom-cve-exclude-list = CVE-2024-31755 Resolved in v1.7.18
[submodule "components/mbedtls/mbedtls"] [submodule "components/mbedtls/mbedtls"]
path = components/mbedtls/mbedtls path = components/mbedtls/mbedtls
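Review bot: The added `sbom-cve-exclude-list` entry justifies the exclusion only by a release number ("Resolved in v1.7.18"), but nothing in this hunk ties the pinned `sbom-hash` to that release, and any `sbom-version` entry for the submodule is outside the hunk. An exclude entry is static, so it would keep suppressing CVE-2024-31755 even if the submodule pin were later moved to a revision that predates the fix. Assuming free text is allowed after the CVE id, as the added line suggests, I would make the reason self-verifying, e.g. `sbom-cve-exclude-list = CVE-2024-31755 Resolved in v1.7.18, the release pinned by sbom-hash`. Please also confirm before merging that the hash really is the v1.7.18 tag.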


@ -4,3 +4,6 @@ cpe: cpe:2.3:o:amazon:freertos:{}:*:*:*:*:*:*:*
supplier: 'Organization: Espressif Systems (Shanghai) CO LTD' supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
originator: 'Organization: Amazon Web Services' originator: 'Organization: Amazon Web Services'
description: An open-source, real-time operating system (RTOS) with additional features and patches from Espressif. description: An open-source, real-time operating system (RTOS) with additional features and patches from Espressif.
cve-exclude-list:
- cve: CVE-2024-28115
reason: Affects only ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled
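Review bot: The `reason` under the new `cve-exclude-list` restates which FreeRTOS ports the advisory covers but never says why this component falls outside that set, so anyone auditing the SBOM has to infer the non-applicability. If the intent is that the ARMv7-M and ARMv8-M MPU ports are not part of the kernel shipped here, state it directly, e.g. `reason: Affects only ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled; neither port is built for ESP-IDF targets`. The exclusion is unconditional for the whole component, so it would need revisiting if such a port were ever added.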