[PA-3669] Bump OpenSSL to 1.1.1k - Puppet Jira Server

XML

Word

Printable

Release Notes:
Enhancement
Release Notes Summary:

Hide
Bump the vendored openssl version to 1.1.1k, which fixes the following CVEs:
- [CVE-2021-3450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450) - [CA certificate check bypass with X509_V_FLAG_X509_STRICT](https://www.openssl.org/news/secadv/20210325.txt)
- [CVE-2021-3449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449) - [NULL pointer deref in signature_algorithms processing](https://www.openssl.org/news/secadv/20210325.txt)

Show
Bump the vendored openssl version to 1.1.1k, which fixes the following CVEs: - [CVE-2021-3450]( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450 ) - [CA certificate check bypass with X509_V_FLAG_X509_STRICT]( https://www.openssl.org/news/secadv/20210325.txt ) - [CVE-2021-3449]( https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449 ) - [NULL pointer deref in signature_algorithms processing]( https://www.openssl.org/news/secadv/20210325.txt )