public inbox for [email protected]help / color / mirror / Atom feed
psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities 4+ messages / 3 participants [nested] [flat]
* psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities @ 2023-06-14 10:00 Miloslav Zadrazil <[email protected]> 0 siblings, 1 reply; 4+ messages in thread From: Miloslav Zadrazil @ 2023-06-14 10:00 UTC (permalink / raw) To: pgsql-odbc Hello, We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package. It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures. We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures ? Are there any plans to release additional ODBC driver's version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023 ? Many thanks Best Regards Miloslav Zadrazil ^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities @ 2023-06-20 23:52 Inoue,Hiroshi <[email protected]> parent: Miloslav Zadrazil <[email protected]> 0 siblings, 1 reply; 4+ messages in thread From: Inoue,Hiroshi @ 2023-06-20 23:52 UTC (permalink / raw) To: ; +Cc: pgsql-odbc Hi Miloslav, Sorry for the late reply. We will make a new release in a few days. Openssl 3.0.9 version will be used in the release. regards, Hiroshi Inoue 2023年6月14日(水) 23:11 Miloslav Zadrazil <[email protected]>: > Hello, > > > > We use your ODBC drivers in our product. During security scans we have > received warning related to content of psqlODBC 13.2 driver package. > > It is flagged to contains OpenSSL 1.1.1lversion vulnerable for > CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, > CVE-2023-0215, CVE-2023-0286 exposures. > > > > We must deliver vulnerability analysis to our customers. Can you, please, > confirm that ODBC drivers in version 13.2 are not affected by those > exposures ? > > > > Are there any plans to release additional ODBC driver’s version > considering the fact that openssl 1.x versions are going to be EOF on > September 11, 2023 ? > > > > Many thanks > > > > Best Regards > > > > Miloslav Zadrazil > ^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities @ 2023-06-24 22:11 Matthew Reeves <[email protected]> parent: Inoue,Hiroshi <[email protected]> 0 siblings, 1 reply; 4+ messages in thread From: Matthew Reeves @ 2023-06-24 22:11 UTC (permalink / raw) To: Inoue,Hiroshi <[email protected]>; +Cc: pgsql-odbc Hello, Hiroshi, For the benefit of the group, has a new release been made available yet? On Tuesday, June 20, 2023 at 04:52:40 PM PDT, Inoue,Hiroshi <[email protected]> wrote: Hi Miloslav, Sorry for the late reply.We will make a new release in a few days.Openssl 3.0.9 version will be used in the release. regards,Hiroshi Inoue 2023年6月14日(水) 23:11 Miloslav Zadrazil <[email protected]>: Hello, We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package. It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures. We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures ? Are there any plans to release additional ODBC driver’s version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023 ? Many thanks Best Regards Miloslav Zadrazil ^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities @ 2023-06-26 01:08 Inoue,Hiroshi <[email protected]> parent: Matthew Reeves <[email protected]> 0 siblings, 0 replies; 4+ messages in thread From: Inoue,Hiroshi @ 2023-06-26 01:08 UTC (permalink / raw) To: Matthew Reeves <[email protected]>; +Cc: pgsql-odbc Hi Matthew, Yes, Hiroshi Saito has already announced the new release 15.0.0.0.. regards, Hiroshi Inoue 2023年6月25日(日) 7:11 Matthew Reeves <[email protected]>: > Hello, Hiroshi, > > For the benefit of the group, has a new release been made available yet? > On Tuesday, June 20, 2023 at 04:52:40 PM PDT, Inoue,Hiroshi < > [email protected]> wrote: > > > Hi Miloslav, > > Sorry for the late reply. > We will make a new release in a few days. > Openssl 3.0.9 version will be used in the release. > > regards, > Hiroshi Inoue > > 2023年6月14日(水) 23:11 Miloslav Zadrazil <[email protected]>: > > Hello, > > > > We use your ODBC drivers in our product. During security scans we have > received warning related to content of psqlODBC 13.2 driver package. > > It is flagged to contains OpenSSL 1.1.1lversion vulnerable for > CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, > CVE-2023-0215, CVE-2023-0286 exposures. > > > > We must deliver vulnerability analysis to our customers. Can you, please, > confirm that ODBC drivers in version 13.2 are not affected by those > exposures ? > > > > Are there any plans to release additional ODBC driver’s version > considering the fact that openssl 1.x versions are going to be EOF on > September 11, 2023 ? > > > > Many thanks > > > > Best Regards > > > > Miloslav Zadrazil > > ^ permalink raw reply [nested|flat] 4+ messages in thread
end of thread, other threads:[~2023-06-26 01:08 UTC | newest] Thread overview: 4+ messages (download: mbox mbox.gz follow: Atom feed) -- links below jump to the message on this page -- 2023-06-14 10:00 psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Miloslav Zadrazil <[email protected]> 2023-06-20 23:52 ` Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Inoue,Hiroshi <[email protected]> 2023-06-24 22:11 ` Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Matthew Reeves <[email protected]> 2023-06-26 01:08 ` Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Inoue,Hiroshi <[email protected]>
This inbox is served by agora; see mirroring instructions for how to clone and mirror all data and code used for this inbox