Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Inoue,Hiroshi <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
Date: Wed, 21 Jun 2023 08:52:20 +0900
Message-ID: <CAFGcedVJbAAHVmtDnbHaOYcU7kvzUNfsDe--Biw7s6h8koJqtA@mail.gmail.com> (raw)
In-Reply-To: <PH0PR11MB512834ECFC2C76179FF5F68A835AA@PH0PR11MB5128.namprd11.prod.outlook.com>
References: <PH0PR11MB512834ECFC2C76179FF5F68A835AA@PH0PR11MB5128.namprd11.prod.outlook.com>

Hi Miloslav,

Sorry for the late reply.
We will make a new release in a few days.
Openssl 3.0.9 version will be used in the release.

regards,
Hiroshi Inoue

2023年6月14日(水) 23:11 Miloslav Zadrazil <[email protected]>:

> Hello,
>
>
>
> We use your ODBC drivers in our product. During security scans we have
> received warning related to content of psqlODBC 13.2 driver package.
>
> It is flagged to contains OpenSSL 1.1.1lversion vulnerable for
> CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450,
> CVE-2023-0215, CVE-2023-0286 exposures.
>
>
>
> We must deliver vulnerability analysis to our customers. Can you, please,
> confirm that ODBC drivers in version 13.2 are not affected by those
> exposures ?
>
>
>
> Are there any plans to release additional ODBC driver’s version
> considering the fact that openssl 1.x versions are going to be EOF on
> September 11, 2023 ?
>
>
>
> Many thanks
>
>
>
> Best Regards
>
>
>
> Miloslav Zadrazil
>

view thread (4+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected]
  Subject: Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
  In-Reply-To: <CAFGcedVJbAAHVmtDnbHaOYcU7kvzUNfsDe--Biw7s6h8koJqtA@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox