https://nvd.nist.gov/vuln/detail/CVE-2023-0464

We need OpenSSL >= 1.1.1u | 3.0.9 | 3.1.1.

We've got patch releases coming up soon, we should be able to just bump the versions before then.

(note: at the time of this writing OpenSSL hasn't even released those updated versions)

Linked PRs

• gh-103142: Update error codes, multissltests, and CI workflows for OpenSSL 1.1.1u, 3.0.9, and 3.1.1. #105129
• gh-103142: Update macOS installer to use OpenSSL 1.1.1u. #105130
• [3.11] gh-103142: Update macOS installer to use OpenSSL 1.1.1u. (GH-105130) #105131
• [3.12] gh-103142: Update macOS installer to use OpenSSL 1.1.1u. (GH-105130) #105132
• gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u #105174
• [3.12] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) #105199
• [3.11] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174)  #105200
• [3.10] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) (GH-105200) #105204
• [3.9] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) (GH-105200) #105205
• [3.7] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u. #105308
• [3.8] gh-103142: Upgrade binary builds and CI to OpenSSL 1.1.1u (GH-105174) (GH-105200) (GH-105205) #105370