Vulnerability in openssl-1.1.1s

[xueshan06]

Our internal tool reported that there are some Vulnerabilities in openssl-1.1.1.s And android-database-sqlcipher version is 4.5.3
CVE-2022-4304
CVE-2023-0286
CVE-2023-0215
CVE-2022-4450

Will the new version fix these issues? Or when will they be fixed?

[developernotes]

Hi @xueshan06,

SQLCipher is not impacted by these CVE's as it does not utilize RSA, pyca/cryptography's wheels, use the BIO stream abstraction, nor process PEM files.

The next release of SQLCipher is imminent, and will use OpenSSL 1.1.1t for non FIPS-based builds targeting OpenSSL.