espressif/esp-lwip
1
0
Fork 0
mirror of https://github.com/espressif/esp-lwip.git synced 2026-06-05 21:04:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add sbom descripton file for Software BOM

Browse Source 
This file is used by the esp-idf-sbom tool to generate
an SBOM file in the SPDX format for esp-idf projects.
This commit is contained in:
David Cermak
2023-09-14 08:18:35 +02:00
committed by David Čermák
parent 0f2d472722
commit 90c1e93e40
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
sbom.yml
+11
View File
@@ -0,0 +1,11 @@
name: 'lwip'
version: '2.1.2'
cpe: cpe:2.3:a:lwip_project:lwip:{}:*:*:*:*:*:*:*
supplier: 'Organization: Espressif Systems (Shanghai) CO LTD'
originator: 'Organization: non-GNU software and documentation, lwIP Project <lwip-members@nongnu.org>'
description: A Lightweight TCP/IP stack with additional features and patches from Espressif.
cve-exclude-list:
- cve: CVE-2020-22284
reason: The fix for this vulnerability has been incorporated from the lwIP project upstream as ecd6009a, 6ffe30d9 and 8f5a0aaa.
- cve: CVE-2020-22283
reason: The fix for this vulnerability has been incorporated from the lwIP project upstream as 379d5504, ba3b04e7 and 843a1161 (Note that this vulnerability is not listed in the NVD against lwip version 2.1.2, but version - N/A).