Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Inoue,Hiroshi <[email protected]>
To: Matthew Reeves <[email protected]>
Cc: [email protected]
Subject: Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
Date: Mon, 26 Jun 2023 10:08:28 +0900
Message-ID: <CAFGcedW+KegJuh6yK8ecRqgThGQjvJuRG7ZeVqu+hgRfauirdA@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <PH0PR11MB512834ECFC2C76179FF5F68A835AA@PH0PR11MB5128.namprd11.prod.outlook.com>
	<CAFGcedVJbAAHVmtDnbHaOYcU7kvzUNfsDe--Biw7s6h8koJqtA@mail.gmail.com>
	<[email protected]>

Hi Matthew,

Yes, Hiroshi Saito has already announced the new release 15.0.0.0..

regards,
Hiroshi Inoue

2023年6月25日(日) 7:11 Matthew Reeves <[email protected]>:

> Hello, Hiroshi,
>
> For the benefit of the group, has a new release been made available yet?
> On Tuesday, June 20, 2023 at 04:52:40 PM PDT, Inoue,Hiroshi <
> [email protected]> wrote:
>
>
> Hi Miloslav,
>
> Sorry for the late reply.
> We will make a new release in a few days.
> Openssl 3.0.9 version will be used in the release.
>
> regards,
> Hiroshi Inoue
>
> 2023年6月14日(水) 23:11 Miloslav Zadrazil <[email protected]>:
>
> Hello,
>
>
>
> We use your ODBC drivers in our product. During security scans we have
> received warning related to content of psqlODBC 13.2 driver package.
>
> It is flagged to contains OpenSSL 1.1.1lversion vulnerable for
> CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450,
> CVE-2023-0215, CVE-2023-0286 exposures.
>
>
>
> We must deliver vulnerability analysis to our customers. Can you, please,
> confirm that ODBC drivers in version 13.2 are not affected by those
> exposures ?
>
>
>
> Are there any plans to release additional ODBC driver’s version
> considering the fact that openssl 1.x versions are going to be EOF on
> September 11, 2023 ?
>
>
>
> Many thanks
>
>
>
> Best Regards
>
>
>
> Miloslav Zadrazil
>
>

view thread (4+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
  In-Reply-To: <CAFGcedW+KegJuh6yK8ecRqgThGQjvJuRG7ZeVqu+hgRfauirdA@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox