Merge branch 'feat/newlib-add-sbom-exclude_cve-2024-30949_v5.2' into 'release/v5.2'

fix(newlib): sbom: add CVE-2024-30949 to cve-exclude-list (v5.2)

See merge request espressif/esp-idf!33682
Mahavir Jain 2024-10-01 21:16:58 +08:00
commit f0ee29e4e1


@ -4,3 +4,6 @@ cpe: cpe:2.3:a:newlib_project:newlib:{}:*:*:*:*:*:*:*
supplier: 'Organization: Espressif Systems (Shanghai) CO LTD' supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
originator: 'Organization: Red Hat Incorporated' originator: 'Organization: Red Hat Incorporated'
description: An open-source C standard library implementation with additional features and patches from Espressif. description: An open-source C standard library implementation with additional features and patches from Espressif.
cve-exclude-list:
- cve: CVE-2024-30949
reason: May affect RISCV binaries that are linked with libgloss. IDF does not link against this library.
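
Review bot: the `reason` on the new `cve-exclude-list` entry rests entirely on the claim "IDF does not link against this library", but nothing in the entry says how that is checked, and the entry is not scoped to any newlib version even though the `cpe` line above is version-templated. Consider extending the reason (or adding a comment beside the entry) to say how the absence of libgloss from the link is verified, so the exclusion can be re-evaluated if the toolchain or link line changes. As a style point, "RISCV" would read better as "RISC-V".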