Merge branch 'suppress-CVE-2024-23080'

albin-mullvad · albin-mullvad · commit fda323c7f8b7 · 2024-04-15T10:34:43.000+02:00
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
@@ -68,4 +68,13 @@
         <packageUrl regex="true">^pkg:maven/androidx\.test\.services/storage@.*$</packageUrl>
         <cve>CVE-2014-9152</cve>
     </suppress>
+    <suppress until="2024-05-01Z">
+        <notes><![CDATA[
+            Suppressing since the affected function isn't used in this project. No upstream fixes
+            are available at the time of adding this suppression.
+            https://nvd.nist.gov/vuln/detail/CVE-2024-23080
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/joda-time/joda-time@.*$</packageUrl>
+        <cve>CVE-2024-23080</cve>
+    </suppress>
 </suppressions>
diff --git a/android/test/test-suppression.xml b/android/test/test-suppression.xml
@@ -118,4 +118,13 @@
         <packageUrl regex="true">^pkg:maven/androidx\.test\.services/storage@.*$</packageUrl>
         <cve>CVE-2014-9152</cve>
     </suppress>
+    <suppress until="2024-05-01Z">
+        <notes><![CDATA[
+            Suppressing since the affected function isn't used in this project. No upstream fixes
+            are available at the time of adding this suppression.
+            https://nvd.nist.gov/vuln/detail/CVE-2024-23080
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/joda-time/joda-time@.*$</packageUrl>
+        <cve>CVE-2024-23080</cve>
+    </suppress>
 </suppressions>
