
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">

Hello openssl-users.</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">

<br>

</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">

<a href="https://www.openssl.org/news/vulnerabilities.html" id="LPlnk473872" class="elementToProof">https://www.openssl.org/news/vulnerabilities.html</a> says</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">

<dt class="ContentPasted1 elementToProof"><br>

</dt><dt class="ContentPasted1 elementToProof"><a href="https://www.cve.org/CVERecord?id=CVE-2023-0465" class="ContentPasted1">CVE-2023-0465</a>

<a href="https://www.openssl.org/news/secadv/20230328.txt" class="ContentPasted1">

Invalid certificate policies in leaf certificates are silently ignored</a> <a href="https://www.openssl.org/policies/secpolicy.html" class="ContentPasted1">

[Low severity]</a> 23 March 2023: <a href="https://www.openssl.org/news/vulnerabilities.html#toc" class="ContentPasted1">

<img src="https://www.openssl.org/img/up.gif"></a>[...]</dt></div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">

<ul>

<li class="ContentPasted2">Fixed in OpenSSL 3.1.1 <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c" class="ContentPasted2">

(git commit)</a> (Affected since 3.1.0)</li><li class="ContentPasted2 elementToProof">Fixed in OpenSSL 3.0.9 <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb" class="ContentPasted2">

(git commit)</a> (Affected since 3.0.0)</li><li class="ContentPasted2 elementToProof">Fixed in OpenSSL 1.1.1u <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95" class="ContentPasted2">

(git commit)</a> (Affected since 1.1.1)</li><li class="ContentPasted2">Fixed in OpenSSL 1.0.2zh (Affected since 1.0.2)</li></ul>

</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">

However: I can't seem to find 1.1.1u for download. Is it released yet?</div>

<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof ContentPasted0">

<br>

</div>

</body>

</html>