1.1.1u release

Sebastian Koerner seb_koerner at hotmail.com
Mon Apr 24 11:52:55 UTC 2023


Hello openssl-users.

https://www.openssl.org/news/vulnerabilities.html says

CVE-2023-0465<https://www.cve.org/CVERecord?id=CVE-2023-0465> Invalid certificate policies in leaf certificates are silently ignored<https://www.openssl.org/news/secadv/20230328.txt> [Low severity]<https://www.openssl.org/policies/secpolicy.html> 23 March 2023: [https://www.openssl.org/img/up.gif] <https://www.openssl.org/news/vulnerabilities.html#toc> [...]

  *   Fixed in OpenSSL 3.1.1 (git commit)<https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c> (Affected since 3.1.0)
  *   Fixed in OpenSSL 3.0.9 (git commit)<https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb> (Affected since 3.0.0)
  *   Fixed in OpenSSL 1.1.1u (git commit)<https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95> (Affected since 1.1.1)
  *   Fixed in OpenSSL 1.0.2zh (Affected since 1.0.2)

However: I can't seem to find 1.1.1u for download. Is it released yet?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230424/35460fa2/attachment-0001.htm>


More information about the openssl-users mailing list