psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

public inbox for [email protected]  
help / color / mirror / Atom feed

psqlODBC drivers 13.2  flagged to be vulnerable for openssl 1.1.1l vulnerabilities
4+ messages / 3 participants
[nested] [flat]

* psqlODBC drivers 13.2  flagged to be vulnerable for openssl 1.1.1l vulnerabilities
@ 2023-06-14 10:00 Miloslav Zadrazil <[email protected]>
  2023-06-20 23:52 ` Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Inoue,Hiroshi <[email protected]>
  0 siblings, 1 reply; 4+ messages in thread

From: Miloslav Zadrazil @ 2023-06-14 10:00 UTC (permalink / raw)
  To: pgsql-odbc

Hello,

We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package.
It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures.

We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures ?

Are there any plans to release additional ODBC driver's version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023 ?

Many thanks

Best Regards

Miloslav Zadrazil

^ permalink  raw  reply  [nested|flat] 4+ messages in thread

* Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
  2023-06-14 10:00 psqlODBC drivers 13.2  flagged to be vulnerable for openssl 1.1.1l vulnerabilities Miloslav Zadrazil <[email protected]>
@ 2023-06-20 23:52 ` Inoue,Hiroshi <[email protected]>
  2023-06-24 22:11   ` Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Matthew Reeves <[email protected]>
  0 siblings, 1 reply; 4+ messages in thread

From: Inoue,Hiroshi @ 2023-06-20 23:52 UTC (permalink / raw)
  To: ; +Cc: pgsql-odbc

Hi Miloslav,

Sorry for the late reply.
We will make a new release in a few days.
Openssl 3.0.9 version will be used in the release.

regards,
Hiroshi Inoue

2023年6月14日(水) 23:11 Miloslav Zadrazil <[email protected]>:

> Hello,
>
>
>
> We use your ODBC drivers in our product. During security scans we have
> received warning related to content of psqlODBC 13.2 driver package.
>
> It is flagged to contains OpenSSL 1.1.1lversion vulnerable for
> CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450,
> CVE-2023-0215, CVE-2023-0286 exposures.
>
>
>
> We must deliver vulnerability analysis to our customers. Can you, please,
> confirm that ODBC drivers in version 13.2 are not affected by those
> exposures ?
>
>
>
> Are there any plans to release additional ODBC driver’s version
> considering the fact that openssl 1.x versions are going to be EOF on
> September 11, 2023 ?
>
>
>
> Many thanks
>
>
>
> Best Regards
>
>
>
> Miloslav Zadrazil
>


^ permalink  raw  reply  [nested|flat] 4+ messages in thread

* Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
  2023-06-14 10:00 psqlODBC drivers 13.2  flagged to be vulnerable for openssl 1.1.1l vulnerabilities Miloslav Zadrazil <[email protected]>
  2023-06-20 23:52 ` Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Inoue,Hiroshi <[email protected]>
@ 2023-06-24 22:11   ` Matthew Reeves <[email protected]>
  2023-06-26 01:08     ` Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Inoue,Hiroshi <[email protected]>
  0 siblings, 1 reply; 4+ messages in thread

From: Matthew Reeves @ 2023-06-24 22:11 UTC (permalink / raw)
  To: Inoue,Hiroshi <[email protected]>; +Cc: pgsql-odbc

 Hello, Hiroshi,

For the benefit of the group, has a new release been made available yet?
     On Tuesday, June 20, 2023 at 04:52:40 PM PDT, Inoue,Hiroshi <[email protected]> wrote:  

 Hi Miloslav,
Sorry for the late reply.We will make a new release in a few days.Openssl 3.0.9 version will be used in the release.
regards,Hiroshi Inoue
2023年6月14日(水) 23:11 Miloslav Zadrazil <[email protected]>:

Hello, 

We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package.

It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures.

We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures ?

Are there any plans to release additional ODBC driver’s version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023 ?  

Many thanks

Best Regards

Miloslav Zadrazil

^ permalink  raw  reply  [nested|flat] 4+ messages in thread

* Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
  2023-06-14 10:00 psqlODBC drivers 13.2  flagged to be vulnerable for openssl 1.1.1l vulnerabilities Miloslav Zadrazil <[email protected]>
  2023-06-20 23:52 ` Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Inoue,Hiroshi <[email protected]>
  2023-06-24 22:11   ` Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Matthew Reeves <[email protected]>
@ 2023-06-26 01:08     ` Inoue,Hiroshi <[email protected]>
  0 siblings, 0 replies; 4+ messages in thread

From: Inoue,Hiroshi @ 2023-06-26 01:08 UTC (permalink / raw)
  To: Matthew Reeves <[email protected]>; +Cc: pgsql-odbc

Hi Matthew,

Yes, Hiroshi Saito has already announced the new release 15.0.0.0..

regards,
Hiroshi Inoue

2023年6月25日(日) 7:11 Matthew Reeves <[email protected]>:

> Hello, Hiroshi,
>
> For the benefit of the group, has a new release been made available yet?
> On Tuesday, June 20, 2023 at 04:52:40 PM PDT, Inoue,Hiroshi <
> [email protected]> wrote:
>
>
> Hi Miloslav,
>
> Sorry for the late reply.
> We will make a new release in a few days.
> Openssl 3.0.9 version will be used in the release.
>
> regards,
> Hiroshi Inoue
>
> 2023年6月14日(水) 23:11 Miloslav Zadrazil <[email protected]>:
>
> Hello,
>
>
>
> We use your ODBC drivers in our product. During security scans we have
> received warning related to content of psqlODBC 13.2 driver package.
>
> It is flagged to contains OpenSSL 1.1.1lversion vulnerable for
> CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450,
> CVE-2023-0215, CVE-2023-0286 exposures.
>
>
>
> We must deliver vulnerability analysis to our customers. Can you, please,
> confirm that ODBC drivers in version 13.2 are not affected by those
> exposures ?
>
>
>
> Are there any plans to release additional ODBC driver’s version
> considering the fact that openssl 1.x versions are going to be EOF on
> September 11, 2023 ?
>
>
>
> Many thanks
>
>
>
> Best Regards
>
>
>
> Miloslav Zadrazil
>
>


^ permalink  raw  reply  [nested|flat] 4+ messages in thread

end of thread, other threads:[~2023-06-26 01:08 UTC | newest]

Thread overview: 4+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2023-06-14 10:00 psqlODBC drivers 13.2  flagged to be vulnerable for openssl 1.1.1l vulnerabilities Miloslav Zadrazil <[email protected]>
2023-06-20 23:52 ` Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Inoue,Hiroshi <[email protected]>
2023-06-24 22:11   ` Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Matthew Reeves <[email protected]>
2023-06-26 01:08     ` Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities Inoue,Hiroshi <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox