Re: OpenSSL Vulnerabilities

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Saravanan Subramaniyan <sara1479(at)gmail(dot)com>
Cc: "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: OpenSSL Vulnerabilities
Date: 2014-06-12 14:26:45
Message-ID: CABUevExQnGCfGHF3xFL=zuVNTfqBeWAsrJ1=_oU3ofOU==VRuQ@mail.gmail.com
Lists: pgsql-general

On Thu, Jun 12, 2014 at 8:43 AM, Saravanan Subramaniyan <sara1479(at)gmail(dot)com>
wrote:

> Hi All,
> Recently OpenSSL released a Security Advisory. Please refer to the link below:
>
> http://www.openssl.org/news/secadv_20140605.txt.
>
> We are using postgresql version 9.2.8 which is vulnerable. Is postgresql
> planning to release a new version which includes OpenSSL 1.0.1h?
>
>
PostgreSQL itself is not vulnerable, so we will not release a new version.

If you are using the EnterpriseDB graphical installers, they are indeed
bundling the OpenSSL and it at least used to be the vulnerable version.
Unfortunately they don't seem to have information about the updates yet - I
will see if I can ping them about making sure that goes on there. I think
they have already patched it - but it's not confirmed on the website.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
