Skip to content

Commit

Permalink
Merge pull request #446 from espressif/fix/expat_exclude_cve
Browse files Browse the repository at this point in the history 
change: exclude CVE-2024-50602 from libexpat component
  • Loading branch information
@mahavirj
mahavirj authored Nov 8, 2024
2 parents 9634f8d + 8ccc7ca commit 884934d
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 1 addition & 1 deletion expat/idf_component.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
version: "2.6.4"
version: "2.6.4~1"
description: "Expat - XML Parsing C Library"
url: https://github.com/espressif/idf-extra-components/tree/master/expat
dependencies:
Expand Down
2 changes: 2 additions & 0 deletions expat/sbom_libexpat.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,3 +8,5 @@ hash: 2691aff4304a6d7e053199c205620136481b9dd1
cve-exclude-list:
- cve: CVE-2024-28757
reason: Resolved in version 2.6.2
- cve: CVE-2024-50602
reason: Resolved in version 2.6.4, please see https://github.com/libexpat/libexpat/pull/915

0 comments on commit 884934d

Please sign in to comment.