system/openssl: multiple vulnerabilities
-
https://www.openssl.org/news/secadv/20230322.txt
- Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464)
-
https://www.openssl.org/news/secadv/20230328.txt
- Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465)
- Certificate policy check not enabled (CVE-2023-0466)
-
https://www.openssl.org/news/secadv/20230420.txt
- Input buffer over-read in AES-XTS implementation on 64 bit ARM (CVE-2023-1255)
-
https://www.openssl.org/news/secadv/20230530.txt
- Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)
Edited by Zach van Rijn