Yubico / yubikey-manager-qt

Cross-platform application for configuring any YubiKey over all USB interfaces.
https://developers.yubico.com/yubikey-manager-qt/
BSD 2-Clause "Simplified" License

OpenSSL dependency needs bump - contains active vulnerability. #360

Closed oderbang closed 7 months ago

oderbang commented 7 months ago

Steps to reproduce

Install version 1.2.6. Navigate to the installation directory and check the version of "libcrypto-3.dll"; it states 3.0.13.0.

[Please explain what you did when the bug appeared, and if and how you have been able to reproduce it.] NA

Expected result

NA [What did you expect to happen when you did the above?] NA

Actual results

NA [What actually happened?] NA

Other info

[Anything else you would like to add?]

fdennis commented 7 months ago

Hi,

YubiKey Manager Qt receives its OpenSSL version from Python. For Python 3.11.8 and later that version is 3.0.13. There currently seems to be one vulnerability in OpenSSL 3.0.13 which has been given a low severity and does not affect YubiKey Manager 1.2.6.
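
The version check discussed in this thread, as an added example (not code from the issue or from Yubico): it reads the OpenSSL version from the Python runtime's `ssl` module, normalizes it together with the four-part Windows file version reported for `libcrypto-3.dll`, and compares the result against a minimum chosen by the operator. The function names and the sample banner string are assumptions made for illustration.

```python
import re
import ssl

# Matches "3.0.13" inside a banner ("OpenSSL 3.0.13 30 Jan 2024") or a
# Windows file version ("3.0.13.0"); the optional letter covers 1.x ("1.1.1w").
_VERSION = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Return (major, minor, patch, letter) so tuples compare in release order."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch), letter)


def runtime_openssl():
    """Version of the OpenSSL library this Python interpreter is linked against."""
    return parse_openssl_version(ssl.OPENSSL_VERSION)


def check_floor(found, floor):
    """Compare a found version string against an operator-chosen minimum."""
    have = parse_openssl_version(found)
    want = parse_openssl_version(floor)
    return {"found": have, "floor": want, "ok": have >= want}


if __name__ == "__main__":
    # Run this with the interpreter bundled in the application to see which
    # OpenSSL it actually carries.
    print("runtime:", ssl.OPENSSL_VERSION, "->", runtime_openssl())

    # "3.0.13.0" is the DLL file version quoted in the issue; the banner
    # string is a constructed sample in ssl.OPENSSL_VERSION format.
    dll_version = "3.0.13.0"
    banner = "OpenSSL 3.0.13 30 Jan 2024"
    same = parse_openssl_version(dll_version) == parse_openssl_version(banner)
    print("DLL and banner agree:", same)

    # The floor is whatever release your advisory review requires; "3.0.13"
    # here only demonstrates the comparison.
    print(check_floor(dll_version, "3.0.13"))
```
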