Vulnerability in openssl-1.1.1s
xueshan06 opened this issue · 1 comments
xueshan06 commented
Our internal tool reported that there are some Vulnerabilities in openssl-1.1.1.s And android-database-sqlcipher version is 4.5.3
CVE-2022-4304
CVE-2023-0286
CVE-2023-0215
CVE-2022-4450
Will the new version fix these issues? Or when will they be fixed?
developernotes commented
Hi @xueshan06,
SQLCipher is not impacted by these CVE's as it does not utilize RSA, pyca/cryptography's wheels, use the BIO stream abstraction, nor process PEM files.
The next release of SQLCipher is imminent, and will use OpenSSL 1.1.1t for non FIPS-based builds targeting OpenSSL.