feat(bootloader): Update micro-ecc version to v1.1

This fix ensures that https://nvd.nist.gov/vuln/detail/CVE-2020-27209 is not
reported by the ESP-IDF SBOM tool. Please note that, this CVE was anyways not
applicable for ESP32 platform, as the bootloader (user of micro-ecc library)
do not perform signing on the device, its only verification that happens in
secure-boot-v1 case.
This commit is contained in:
harshal.patil 2023-09-20 10:39:58 +05:30
parent 925a7310ca
commit a686c20ee5
No known key found for this signature in database
GPG Key ID: 5B5EC97C35B9A2E5
2 changed files with 3 additions and 3 deletions

4
.gitmodules vendored
View File

@ -30,12 +30,12 @@
[submodule "components/bootloader/subproject/components/micro-ecc/micro-ecc"]
path = components/bootloader/subproject/components/micro-ecc/micro-ecc
url = ../../kmackay/micro-ecc.git
sbom-version = 1.0
sbom-version = 1.1
sbom-cpe = cpe:2.3:a:micro-ecc_project:micro-ecc:{}:*:*:*:*:*:*:*
sbom-supplier = Person: Ken MacKay
sbom-url = https://github.com/kmackay/micro-ecc
sbom-description = A small and fast ECDH and ECDSA implementation for 8-bit, 32-bit, and 64-bit processors
sbom-hash = d037ec89546fad14b5c4d5456c2e23a71e554966
sbom-hash = 24c60e243580c7868f4334a1ba3123481fe1aa48
[submodule "components/spiffs/spiffs"]
path = components/spiffs/spiffs

@ -1 +1 @@
Subproject commit d037ec89546fad14b5c4d5456c2e23a71e554966
Subproject commit 24c60e243580c7868f4334a1ba3123481fe1aa48