New versions are available for jbc.FTX and jbc.FTX API. The vulnerable OpenSSL builds have been replaced by versions in which the bugs are fixed; jbc.FTX now uses OpenSSL 1.1.1v and 3.0.10.
The update to OpenSSL 3.0.10 addresses the following vulnerabilities (the full list is also available at /news/vulnerabilities-3.0.html on openssl.org):
3.0.8
CVE-2022-4203 X.509 Name Constraints Read Buffer Overflow [Moderate severity] 07 February 2023
CVE-2022-4304 Timing Oracle in RSA Decryption [Moderate severity] 07 February 2023
CVE-2022-4450 Double free after calling PEM_read_bio_ex [Moderate severity] 07 February 2023
CVE-2023-0215 Use-after-free following BIO_new_NDEF [Moderate severity] 07 February 2023
CVE-2023-0216 Invalid pointer dereference in d2i_PKCS7 functions [Moderate severity] 07 February 2023
CVE-2023-0217 NULL dereference validating DSA public key [Moderate severity] 07 February 2023
CVE-2023-0286 X.400 address type confusion in X.509 GeneralName [High severity] 07 February 2023
CVE-2023-0401 NULL dereference during PKCS7 data verification [Moderate severity] 07 February 2023
3.0.9
CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints [Low severity] 21 March 2023
CVE-2023-0466 Certificate policy check not enabled [Low severity] 21 March 2023
CVE-2023-1255 Input buffer over-read in AES-XTS implementation on 64 bit ARM [Low severity] 21 March 2023
CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored [Low severity] 23 March 2023
CVE-2023-2650 Possible DoS translating ASN.1 object identifiers [Moderate severity] 30 May 2023
3.0.10
CVE-2023-2975 AES-SIV implementation ignores empty associated data entries [Low severity] 07 July 2023
CVE-2023-3446 Excessive time spent checking DH keys and parameters [Low severity] 13 July 2023
CVE-2023-3817 Excessive time spent checking DH q parameter value [Low severity] 31 July 2023
The update to OpenSSL 1.1.1v addresses the following vulnerabilities (also listed at /news/vulnerabilities-1.1.1.html on openssl.org):
1.1.1t
CVE-2022-4304 Timing Oracle in RSA Decryption [Moderate severity] 07 February 2023
CVE-2022-4450 Double free after calling PEM_read_bio_ex [Moderate severity] 07 February 2023
CVE-2023-0215 Use-after-free following BIO_new_NDEF [Moderate severity] 07 February 2023
CVE-2023-0286 X.400 address type confusion in X.509 GeneralName [High severity] 07 February 2023
1.1.1u
CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints [Low severity] 21 March 2023
CVE-2023-0466 Certificate policy check not enabled [Low severity] 21 March 2023
CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored [Low severity] 23 March 2023
CVE-2023-2650 Possible DoS translating ASN.1 object identifiers [Moderate severity] 30 May 2023
1.1.1v
CVE-2023-3446 Excessive time spent checking DH keys and parameters [Low severity] 13 July 2023
CVE-2023-3817 Excessive time spent checking DH q parameter value [Low severity] 31 July 2023