In the security advisory, the OpenSSL community had mentioned:
"Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available."
So once version 3.0.9 (and the 1.1.1 update) is available, we will rewrap the PostgreSQL installers.
Bug reference: 17907
Logged by: Adrian Scott
Email address: ascott@wwf.org.uk
PostgreSQL version: 15.2
Operating system: Windows 10 Enterprise 64 bit
Description:
We have been alerted to the existence of 3 OpenSSL vulnerabilities that are exposed within the OpenSSL v3.0.8 DLLs installed as part of the PostgreSQL 15.x install. In the default install paths the 2 files are found here:
c:\program files\postgresql\15\bin\libcrypto-3-x64.dll
c:\program files\postgresql\15\bin\libssl-3-x64.dll
These are affected by vulnerabilities CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466
Please can you update the PostgreSQL distributions to include the latest OpenSSL DLLs with your next bugfix release (either using OpenSSL 3.1.1 or 3.0.9), to remove these vulnerabilities?
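
For tracking which hosts still carry the older DLLs until the installers are rewrapped, the following PowerShell inventory is an added example, not part of the original thread or of any PostgreSQL or OpenSSL tooling. It assumes the default install root shown in the report and that the DLLs carry a Windows version resource; the fixed versions per release line (3.0.9, 3.1.1) are the ones named in the thread.

```powershell
# Added example: report the OpenSSL 3.x DLL versions bundled with PostgreSQL installs.
# Assumption: installs live under the default root from the bug report.
param(
    [string]$Root = 'C:\Program Files\PostgreSQL'
)

# First fixed release per OpenSSL line, as named in the thread.
$fixedIn = @{ '3.0' = [version]'3.0.9'; '3.1' = [version]'3.1.1' }
$dllNames = 'libcrypto-3-x64.dll', 'libssl-3-x64.dll'

Get-ChildItem -Path $Root -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $bin = Join-Path $_.FullName 'bin'
    foreach ($name in $dllNames) {
        $path = Join-Path $bin $name
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # The version resource can be missing or carry a suffix, so parse defensively.
        $raw = (Get-Item -LiteralPath $path).VersionInfo.ProductVersion
        $status = 'unknown (no parsable version resource)'
        if ($raw -match '^\s*(\d+)\.(\d+)\.(\d+)') {
            $line = "$($Matches[1]).$($Matches[2])"
            $ver  = [version]"$line.$($Matches[3])"
            if (-not $fixedIn.ContainsKey($line)) {
                $status = "unknown (no fixed version listed for $line)"
            } elseif ($ver -lt $fixedIn[$line]) {
                $status = "needs update (fixed in $($fixedIn[$line]))"
            } else {
                $status = 'ok'
            }
        }

        [pscustomobject]@{
            Path           = $path
            ProductVersion = $raw
            Status         = $status
            SHA256         = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
} | Format-Table -AutoSize -Wrap
```

Pass `-Root` when PostgreSQL was installed somewhere other than the default location.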