Quick Links

psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

From:	Miloslav Zadrazil <Miloslav(dot)Zadrazil(at)solarwinds(dot)com>
To:	"pgsql-odbc(at)postgresql(dot)org" <pgsql-odbc(at)postgresql(dot)org>
Subject:	psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
Date:	2023-06-14 10:00:20
Message-ID:	PH0PR11MB512834ECFC2C76179FF5F68A835AA@PH0PR11MB5128.namprd11.prod.outlook.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-odbc

Hello,

We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package.
It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures.

We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures ?

Are there any plans to release additional ODBC driver's version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023 ?

Many thanks

Best Regards

Miloslav Zadrazil

Responses

Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities at 2023-06-20 23:52:20 from Inoue,Hiroshi

Browse pgsql-odbc by date

	From	Date	Subject
Next Message	Jason Hwang	2023-06-16 03:53:46	Connection to PostgreSQL 14.4
Previous Message	Ronald Cabral	2023-06-12 13:14:41	Postgresql driver ODBC for linux