From: "Inoue,Hiroshi"
Date: Mon, 26 Jun 2023 10:08:28 +0900
Subject: Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
To: Matthew Reeves
Cc: pgsql-odbc@postgresql.org

Hi Matthew,

Yes, Hiroshi Saito has already announced the new release 15.0.0.0.

regards,
Hiroshi Inoue

On Sun, Jun 25, 2023 at 7:11, Matthew Reeves wrote:

> Hello, Hiroshi,
>
> For the benefit of the group, has a new release been made available yet?
>
> On Tuesday, June 20, 2023 at 04:52:40 PM PDT, Inoue,Hiroshi <hinoue205@gmail.com> wrote:
>
> Hi Miloslav,
>
> Sorry for the late reply.
> We will make a new release in a few days.
> Openssl 3.0.9 version will be used in the release.
>
> regards,
> Hiroshi Inoue
>
> On Wed, Jun 14, 2023 at 23:11, Miloslav Zadrazil wrote:
>
> > Hello,
> >
> > We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package.
> >
> > It is flagged to contain OpenSSL 1.1.1l version vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures.
> >
> > We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures?
> >
> > Are there any plans to release additional ODBC driver’s version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023?
> >
> > Many thanks
> >
> > Best Regards
> >
> > Miloslav Zadrazil