| From: | Nathan Harrell <Nathan(dot)Harrell(at)sas(dot)com> |
|---|---|
| To: | "pgsql-odbc(at)postgresql(dot)org" <pgsql-odbc(at)postgresql(dot)org> |
| Subject: | Potential Windows ODBC 10.03.0000 Security Vulnerability |
| Date: | 2019-02-22 13:33:07 |
| Message-ID: | BL0PR05MB5345FE04F83B24AA5BB8193D8A7F0@BL0PR05MB5345.namprd05.prod.outlook.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-odbc |
Hello all,
In August of 2018, CVE-2018-10915 was found with a CVSS v3 base score of 8.5 against the PostgreSQL libpq library. This affects all PostgreSQL 10 versions of libpq up to version 10.4 and the issue is fixed as of version 10.5. As far as I can tell, the Windows MSI provided by the PostgreSQL ODBC community for ODBC 10.03.0000 is shipping with libpq version 10.4, which would mean it is shipping with these security vulnerabilities.
Are there any plans to upgrade the Windows MSI libpq libraries to PostgreSQL 10.5 or 10.6 so that we can avoid this security issue? The link below is to the security exception on PostgreSQL's website:
https://www.postgresql.org/about/news/1878/
Thanks,
Nathan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Grant Shirreffs | 2019-02-25 03:42:45 | Escaped characters in LIKE |
| Previous Message | Pierre Couderc | 2019-02-21 10:31:04 | Re: problem with _ character |