| From: | "Inoue,Hiroshi" <hinoue205(at)gmail(dot)com> |
|---|---|
| To: | |
| Cc: | "pgsql-odbc(at)postgresql(dot)org" <pgsql-odbc(at)postgresql(dot)org> |
| Subject: | Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities |
| Date: | 2023-06-20 23:52:20 |
| Message-ID: | CAFGcedVJbAAHVmtDnbHaOYcU7kvzUNfsDe--Biw7s6h8koJqtA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-odbc |
Hi Miloslav,
Sorry for the late reply.
We will make a new release in a few days.
Openssl 3.0.9 version will be used in the release.
regards,
Hiroshi Inoue
2023年6月14日(水) 23:11 Miloslav Zadrazil <Miloslav(dot)Zadrazil(at)solarwinds(dot)com>:
> Hello,
>
>
>
> We use your ODBC drivers in our product. During security scans we have
> received warning related to content of psqlODBC 13.2 driver package.
>
> It is flagged to contains OpenSSL 1.1.1lversion vulnerable for
> CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450,
> CVE-2023-0215, CVE-2023-0286 exposures.
>
>
>
> We must deliver vulnerability analysis to our customers. Can you, please,
> confirm that ODBC drivers in version 13.2 are not affected by those
> exposures ?
>
>
>
> Are there any plans to release additional ODBC driver’s version
> considering the fact that openssl 1.x versions are going to be EOF on
> September 11, 2023 ?
>
>
>
> Many thanks
>
>
>
> Best Regards
>
>
>
> Miloslav Zadrazil
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hiroshi Saito | 2023-06-23 08:20:28 | psqlODBC 15.00.0000 Released |
| Previous Message | Tom Hughes | 2023-06-20 12:47:11 | [PATCH] Allow catalog (database) enumeration with SQLTables |