Re: Heartbleed Impact

On Wed, Apr 16, 2014 at 9:08 PM, Dev Kumkar <devdas(dot)kumkar(at)gmail(dot)com> wrote:

> On Wed, Apr 16, 2014 at 7:50 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>
>> * Dev Kumkar (devdas(dot)kumkar(at)gmail(dot)com) wrote:
>> > I just downloaded the latest binaries from EnterpriseDB and when checked
>> > with libssl.so.1.0.0 can see this:
>> > OpenSSL 1.0.1g 7 Apr 2014
>> >
>> > OpenSSL 1.0.1g is the patched version.
>>
>> Yes, checked w/ them and they say it's all patched..
>>
>> > Awaiting confirmation and also please let know if there is certain NOTE
>> or
>> > link which talks about this fix from EnterpriseDB side.
>>
>> There's a note on the 'installers' page here:
>> http://www.enterprisedb.com/products-services-training/pgdownload
>>
>> I believe they're going to add a note to the other page too.
>>
>> Thanks,
>>
>> Stephen
>>
>
> Thanks for the confirmation. Yup checked the NOTE on 'installers' page and
> a note on binary page will really help.
>
> Regards...
>

Hello Guys,

For postgreSQL, is there any OpenSSL fix coming up for this issue:
http://www.zdnet.com/openssl-fixes-another-severe-vulnerability-7000030253/

Currently in PostgreSQL 9.4.3 the version is as follows: OpenSSL 1.0.1g 7
Apr 2014

As per the above link, fixed OpenSSL version would be 1.0.1h

Looking forward for some comments here.

Regards...