Update OpenSSL used in binary releases per CVE-2023-0464 #103142
Description
https://nvd.nist.gov/vuln/detail/CVE-2023-0464
We need OpenSSL >= 1.1.1u | 3.0.9 | 3.1.1.
We've got patch releases coming up soon, we should be able to just bump the versions before then.
(note: at the time of this writing OpenSSL hasn't even released those updated versions)
Linked PRs
- gh-103142: Update error codes, multissltests, and CI workflows for OpenSSL 1.1.1u, 3.0.9, and 3.1.1. #105129
- gh-103142: Update macOS installer to use OpenSSL 1.1.1u. #105130
- [3.11] gh-103142: Update macOS installer to use OpenSSL 1.1.1u. (GH-105130) #105131
- [3.12] gh-103142: Update macOS installer to use OpenSSL 1.1.1u. (GH-105130) #105132
- gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u #105174
- [3.12] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) #105199
- [3.11] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) #105200
- [3.10] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) (GH-105200) #105204
- [3.9] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) (GH-105200) #105205
- [3.7] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u. #105308
- [3.8] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) (GH-105200) (GH-105205) #105370