Re: Heartbleed Impact

On Thu, Jun 5, 2014 at 7:30 PM, Dev Kumkar <devdas(dot)kumkar(at)gmail(dot)com> wrote:

>
> On Wed, Apr 16, 2014 at 9:08 PM, Dev Kumkar <devdas(dot)kumkar(at)gmail(dot)com>
> wrote:
>
>> On Wed, Apr 16, 2014 at 7:50 PM, Stephen Frost <sfrost(at)snowman(dot)net>
>> wrote:
>>
>>> * Dev Kumkar (devdas(dot)kumkar(at)gmail(dot)com) wrote:
>>> > I just downloaded the latest binaries from EnterpriseDB and when
>>> checked
>>> > with libssl.so.1.0.0 can see this:
>>> > OpenSSL 1.0.1g 7 Apr 2014
>>> >
>>> > OpenSSL 1.0.1g is the patched version.
>>>
>>> Yes, checked w/ them and they say it's all patched..
>>>
>>> > Awaiting confirmation and also please let know if there is certain
>>> NOTE or
>>> > link which talks about this fix from EnterpriseDB side.
>>>
>>> There's a note on the 'installers' page here:
>>> http://www.enterprisedb.com/products-services-training/pgdownload
>>>
>>> I believe they're going to add a note to the other page too.
>>>
>>> Thanks,
>>>
>>> Stephen
>>>
>>
>> Thanks for the confirmation. Yup checked the NOTE on 'installers' page
>> and a note on binary page will really help.
>>
>> Regards...
>>
>
> Hello Guys,
>
> For postgreSQL, is there any OpenSSL fix coming up for this issue:
> http://www.zdnet.com/openssl-fixes-another-severe-vulnerability-7000030253/
>
> Currently in PostgreSQL 9.4.3 the version is as follows: OpenSSL 1.0.1g 7
> Apr 2014
>
> As per the above link, fixed OpenSSL version would be 1.0.1h
>
> Looking forward for some comments here.
>
>
Hi!

The guys at EnterpriseDB are busy building new installers as we speak, I
would expect them to be out tomorrow or so.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/