Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Matthew Reeves <[email protected]>
To: Inoue,Hiroshi <[email protected]>
Cc: [email protected]
Subject: Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
Date: Sat, 24 Jun 2023 22:11:54 +0000 (UTC)
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAFGcedVJbAAHVmtDnbHaOYcU7kvzUNfsDe--Biw7s6h8koJqtA@mail.gmail.com>
References: <PH0PR11MB512834ECFC2C76179FF5F68A835AA@PH0PR11MB5128.namprd11.prod.outlook.com>
	<CAFGcedVJbAAHVmtDnbHaOYcU7kvzUNfsDe--Biw7s6h8koJqtA@mail.gmail.com>

 Hello, Hiroshi,

For the benefit of the group, has a new release been made available yet?
     On Tuesday, June 20, 2023 at 04:52:40 PM PDT, Inoue,Hiroshi <[email protected]> wrote:  

 Hi Miloslav,
Sorry for the late reply.We will make a new release in a few days.Openssl 3.0.9 version will be used in the release.
regards,Hiroshi Inoue
2023年6月14日(水) 23:11 Miloslav Zadrazil <[email protected]>:

Hello, 

We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package.

It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures.

We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures ?

Are there any plans to release additional ODBC driver’s version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023 ?  

Many thanks

Best Regards

Miloslav Zadrazil

view thread (4+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox