Date: Sat, 24 Jun 2023 22:11:54 +0000 (UTC)
From: Matthew Reeves
To: "Inoue,Hiroshi"
Cc: pgsql-odbc@postgresql.org
Subject: Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

Hello, Hiroshi,

For the benefit of the group, has a new release been made available yet?

On Tuesday, June 20, 2023 at 04:52:40 PM PDT, Inoue,Hiroshi wrote:

> Hi Miloslav,
>
> Sorry for the late reply.
> We will make a new release in a few days.
> Openssl 3.0.9 version will be used in the release.
>
> regards,
> Hiroshi Inoue
>
> On Wed, Jun 14, 2023 at 23:11, Miloslav Zadrazil wrote:
>
> > Hello,
> >
> > We use your ODBC drivers in our product. During security scans we have
> > received a warning related to the content of the psqlODBC 13.2 driver package.
> >
> > It is flagged to contain OpenSSL 1.1.1l version vulnerable to
> > CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450,
> > CVE-2023-0215, CVE-2023-0286 exposures.
> >
> > We must deliver vulnerability analysis to our customers. Can you, please,
> > confirm that ODBC drivers in version 13.2 are not affected by those exposures?
> >
> > Are there any plans to release additional ODBC driver’s version considering
> > the fact that openssl 1.x versions are going to be EOF on September 11, 2023?
> >
> > Many thanks
> >
> > Best Regards
> >
> > Miloslav Zadrazil