Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

Hi Matthew,

Yes, Hiroshi Saito has already announced the new release 15.0.0.0..

regards,
Hiroshi Inoue

2023年6月25日(日) 7:11 Matthew Reeves <bytemyzer(at)yahoo(dot)com>:

> Hello, Hiroshi,
>
> For the benefit of the group, has a new release been made available yet?
> On Tuesday, June 20, 2023 at 04:52:40 PM PDT, Inoue,Hiroshi <
> hinoue205(at)gmail(dot)com> wrote:
>
>
> Hi Miloslav,
>
> Sorry for the late reply.
> We will make a new release in a few days.
> Openssl 3.0.9 version will be used in the release.
>
> regards,
> Hiroshi Inoue
>
> 2023年6月14日(水) 23:11 Miloslav Zadrazil <Miloslav(dot)Zadrazil(at)solarwinds(dot)com>:
>
> Hello,
>
>
>
> We use your ODBC drivers in our product. During security scans we have
> received warning related to content of psqlODBC 13.2 driver package.
>
> It is flagged to contains OpenSSL 1.1.1lversion vulnerable for
> CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450,
> CVE-2023-0215, CVE-2023-0286 exposures.
>
>
>
> We must deliver vulnerability analysis to our customers. Can you, please,
> confirm that ODBC drivers in version 13.2 are not affected by those
> exposures ?
>
>
>
> Are there any plans to release additional ODBC driver’s version
> considering the fact that openssl 1.x versions are going to be EOF on
> September 11, 2023 ?
>
>
>
> Many thanks
>
>
>
> Best Regards
>
>
>
> Miloslav Zadrazil
>
>