From: Miloslav Zadrazil <Miloslav.Zadrazil@solarwinds.com>
To: "pgsql-odbc@postgresql.org" <pgsql-odbc@postgresql.org>
Subject: psqlODBC drivers 13.2  flagged to be vulnerable for openssl 1.1.1l
 vulnerabilities
Thread-Topic: psqlODBC drivers 13.2  flagged to be vulnerable for openssl
 1.1.1l vulnerabilities
Thread-Index: AdmeptvLUNC1qEbAS2GejCUuO2k1KA==
Date: Wed, 14 Jun 2023 10:00:20 +0000
Message-ID: 
 <PH0PR11MB512834ECFC2C76179FF5F68A835AA@PH0PR11MB5128.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 
 =?us-ascii?Q?GwFw9I7poBIvgtP6tKFpcxYNS0cIrG7OoTtqSJkhhfQfQSEC8Odescx88Cnk?=
 =?us-ascii?Q?HNNw/5+rCNZn5ZI8f5jxwtyldg2NwdwDAoZVi0mla26OYVB2PFGs1N8Qbvx0?=
 =?us-ascii?Q?RNVAZg3h+6K4Rb5uoR+2lrDAeOmMoqL0gpA2fOcgWk0KgwnzxuSPhUIff0Zk?=
 =?us-ascii?Q?OVE6mwx/Z5Y0Nd1ubpzb3nFQXZB9A+ZKDJKstKG1nZOHSQze8L9XOO89TCiD?=
 =?us-ascii?Q?dfGPDaKpuS0HMegsx0jpqpDSohorLuWcLxJvGa9aHCH3b5qrGgN1+vqReVGH?=
 =?us-ascii?Q?maN9IPiOP93gRO3edj04gRbUAa8ib1V2cOjCZN/iNu9yRtzf1xxfKXO0fo/f?=
 =?us-ascii?Q?Or+j1PMRMcWvTH3LmBRdYNCeHdHL3+TPEj73TWTKldjslukqgoj5+d4CYP2h?=
 =?us-ascii?Q?jBI5Y3q/tsiudTwMKWh4Z3yblRGNWygRhVgEagJKiYGw1cIMinEPwrr2f2T4?=
 =?us-ascii?Q?BcDL7jlqYYLm53aMHkKodOP2e4CkxmZPkTVMvjnIo8XVoBqSRmSHktWqY8GU?=
 =?us-ascii?Q?EUuS60+ogoq5w18V5GqATxPgIm3Aisy7pdKsiA4PXNlP+APO2ztlqwuudNGy?=
 =?us-ascii?Q?SWiUz4dSyNpzve+WxYGKOkWalFTR45hOkfm8B5PnGMKY8OTkO+T0gw/Ol2Xa?=
 =?us-ascii?Q?st62Qb8r1hrPhb8W4gYRdgzipe5YqfqugC2PwiTosOOV6h//wQmBCIE8MLNL?=
 =?us-ascii?Q?C2AfUf7xJYir6MQQIXaT3zOu9ofHmqbZ4vMqKAg6RxFQ6bRnka8iXDnQDJD+?=
 =?us-ascii?Q?K1KnO1LVrroP6PKzKoSMCCNzlnKxbs3JSBl+ophJ5C9peGADajSakJthv0l4?=
 =?us-ascii?Q?LLyx8hXnQUxEx62MM2KtOFO07tr4gTRHLqsKAksrlOb4XbVnk+kuT5dL8P0j?=
 =?us-ascii?Q?ALup4O8xmC5+lNzQkwDvfSc+wTZIaI4LZiLv0JcFxyTbCJJqTLWWEFWbroFo?=
 =?us-ascii?Q?tvNp/J6ZEp295gfF++E1yliuApkHiARtXdfudsPaQtjFlppfEmaWLRKph7oF?=
 =?us-ascii?Q?qfiJaZ3xPjk7g/809NqmBK0dn6o+uPTAYB7EAFWacBgQKgl6yHvrz22uTEkI?=
 =?us-ascii?Q?nRU1QMMonpZscYoLVWxRz97VhxAt5mf8eFcS9fCOyYV4bhcII/vtouKXTJ8O?=
 =?us-ascii?Q?tL/22KIFb8E6HVVBeoaqKKW7X7cA7KWAUJOpP1yurT4IVNYuKZ28KrNpie7n?=
 =?us-ascii?Q?NtKkI5QrFKGWqKRG6929YosZHGQnhQgcs0FLucvCr9AZEqYRikr1Ie1nsQyC?=
 =?us-ascii?Q?yEWDEE+zokO/5iTgOhx9gM4G3xJVNieky2EB6n3tX+cFFI3LH6LOg0aSvvnN?=
 =?us-ascii?Q?FbvCDfVCkAedXtVNNt0yFiTsoEMQT5N5v0D4FL0PvkN2AMEa7hwH66sqzpwc?=
 =?us-ascii?Q?6/riUpnKig1JLtQgPi9nq8c/zwDmFVLH+7zTy03dGj4C6oOO0NXUXmHXC32r?=
 =?us-ascii?Q?nUamyk4TsB6Waoa3IEW+V7y+TmLL5WVkJkxutTzh0g/oPFYkrpRyMQCRyOay?=
 =?us-ascii?Q?yjcRktni7YggFdovOUuyDCwHmSlc0boEknLLlo/g/dr+nA4EEP2iyZOyKooQ?=
 =?us-ascii?Q?3+p2Ts265d6k2OXyFiimWF1KcVzLrhKASfHWsoJaA/5L+WImizrdprR1PYTl?=
 =?us-ascii?Q?wg=3D=3D?=
Content-Type: multipart/alternative;
	boundary="_000_PH0PR11MB512834ECFC2C76179FF5F68A835AAPH0PR11MB5128namp_"
MIME-Version: 1.0
X-OriginatorOrg: solarwinds.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5128.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 037b6fc5-01b6-40a6-852a-08db6cbe2a02
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jun 2023 10:00:20.6856
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83f3a6e1-0470-4e13-984f-16a25372914c
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 
 NgYgLJrxf3t/n6dU5SV+GznsR4G4D+CWs8hTTw8lH4+F9wm2LZlY1xk+h/kkM9oUDZ/Kbdf3ZD+oY0kY/DvgBNzpjMawCixEhgd2SVJxGRs4vZplQFzY6mrw6y8JnYF+
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR11MB7294
List-Id: <pgsql-odbc.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-odbc@lists.postgresql.org>
List-Owner: <mailto:pgsql-odbc-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-odbc>
Archived-At: 
 <https://www.postgresql.org/message-id/PH0PR11MB512834ECFC2C76179FF5F68A835AA%40PH0PR11MB5128.namprd11.prod.outlook.com>
Precedence: bulk

--_000_PH0PR11MB512834ECFC2C76179FF5F68A835AAPH0PR11MB5128namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello,

We use your ODBC drivers in our product. During security scans we have rece=
ived warning related to content of psqlODBC 13.2 driver package.
It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-416=
0, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-021=
5, CVE-2023-0286 exposures.

We must deliver vulnerability analysis to our customers. Can you, please, c=
onfirm that ODBC drivers in version 13.2 are not affected by those exposure=
s ?

Are there any plans to release additional ODBC driver's version considering=
 the fact that openssl 1.x versions are going to be EOF on September 11, 20=
23 ?

Many thanks

Best Regards

Miloslav Zadrazil

--_000_PH0PR11MB512834ECFC2C76179FF5F68A835AAPH0PR11MB5128namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;
	mso-ligatures:standardcontextual;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;
	mso-ligatures:standardcontextual;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"#0563C1" vlink=3D"#954F72" style=3D"word-wrap:=
break-word">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">Hello, <o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">We use your ODBC drivers in our product. During secu=
rity scans we have received warning related to content of psqlODBC 13.2 dri=
ver package.<o:p></o:p></p>
<p class=3D"MsoNormal">It is flagged to contains OpenSSL 1.1.1lversion vuln=
erable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-=
2022-4450, CVE-2023-0215, CVE-2023-0286 exposures.<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">We must deliver vulnerability analysis to our custom=
ers. Can you, please, confirm that ODBC drivers in version 13.2 are not aff=
ected by those exposures ?<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Are there any plans to release additional ODBC drive=
r&#8217;s version considering the fact that openssl 1.x versions are going =
to be EOF on September 11, 2023 ? &nbsp;<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Many thanks<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Best Regards<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">Miloslav Zadrazil<o:p></o:p></p>
</div>
</body>
</html>

--_000_PH0PR11MB512834ECFC2C76179FF5F68A835AAPH0PR11MB5128namp_--