From bb5180f33fe14ddde36a8236fdc253fa08749a09 Mon Sep 17 00:00:00 2001
From: Alexey Lapshin
Date: Fri, 6 Sep 2024 18:27:09 +0700
Subject: [PATCH] fix(newlib): sbom: add CVE-2024-30949 to cve-exclude-list
---
 components/newlib/sbom.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/components/newlib/sbom.yml b/components/newlib/sbom.yml
index f0fee87255..b44a0d098a 100644
--- a/components/newlib/sbom.yml
+++ b/components/newlib/sbom.yml
@@ -4,3 +4,6 @@ cpe: cpe:2.3:a:newlib_project:newlib:{}:*:*:*:*:*:*:*
 supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
 originator: 'Organization: Red Hat Incorporated'
 description: An open-source C standard library implementation with additional features and patches from Espressif.
+cve-exclude-list:
+ - cve: CVE-2024-30949
+ reason: May affect RISCV binaries that are linked with libgloss. IDF does not link against this library.
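Review bot: The new `cve-exclude-list` entry suppresses CVE-2024-30949 for every newlib version and every target, yet its `reason` rests on a build property (libgloss is not linked) that nothing in this file records or checks. If a later change or a downstream project adds libgloss to the link, SBOM-based scans would presumably keep skipping the CVE without any signal. I would put a comment above the entry saying when it must be revisited, for example `# Re-check if libgloss is ever linked; drop this entry once the bundled newlib carries the upstream fix.` The `reason` would also read better if it stated the conclusion, for example `reason: Affects RISC-V binaries linked with libgloss; ESP-IDF does not link libgloss, so the affected code is not part of IDF binaries.`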