The Flutter engine forks OpenSSL and maintains BoringSSL inside the package. The latest OpenSSL version (3.3) resolves all the security vulnerabilities. Our question is: Does BoringSSL also resolve all the security vulnerabilities that exist in OpenSSL?
Our security team reported the following issues in the flutter_windows.dll file:
- CVE-2022-1292
- CVE-2022-1343
- CVE-2022-1434
- CVE-2022-1473
Have these issues already been fixed in BoringSSL? please give more detail about openssl version, vulnerability fixes and all. Thanks.