board-mate/esp32-thread/open-thread-rcp/components/components/esp_libc/sbom_newlibc.yml
2025-12-24 16:07:10 +01:00

if: 'LIBC_NEWLIB'
name: 'newlib'
version: '4.5.0'
cpe: cpe:2.3:a:newlib_project:newlib:{}:*:*:*:*:*:*:*
supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
originator: 'Organization: Red Hat Incorporated'
description: Newlib is a small C standard library for embedded systems
cve-exclude-list:
  - cve: CVE-2024-30949
    reason: A vulnerability was discovered in the gettimeofday system call implementation within the RISC-V libgloss component of Newlib. ESP-IDF does not link against libgloss for RISC-V, hence the issue is not directly applicable. Still, the relevant fix has been patched through https://github.com/espressif/newlib-esp32/commit/047ba47013c2656a1e7838dc86cbc75aeeaa67a7