Closed xueshan06 closed 1 year ago
Hi @xueshan06,
SQLCipher is not impacted by these CVE's as it does not utilize RSA, pyca/cryptography's wheels, use the BIO stream abstraction, nor process PEM files.
The next release of SQLCipher is imminent, and will use OpenSSL 1.1.1t for non FIPS-based builds targeting OpenSSL.
Our internal tool reported that there are some Vulnerabilities in openssl-1.1.1.s And android-database-sqlcipher version is 4.5.3 CVE-2022-4304 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450
Will the new version fix these issues? Or when will they be fixed?