Postgres Pro
Downloads
Home   >   mailing lists

Thread: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

From
Miloslav Zadrazil
Date:

Hello,

 

We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package.

It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures.

 

We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures ?

 

Are there any plans to release additional ODBC driver’s version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023 ?  

 

Many thanks

 

Best Regards

 

Miloslav Zadrazil

Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

From
"Inoue,Hiroshi"
Date:
Hi Miloslav,

Sorry for the late reply.
We will make a new release in a few days.
Openssl 3.0.9 version will be used in the release.

regards,
Hiroshi Inoue

2023年6月14日(水) 23:11 Miloslav Zadrazil <Miloslav.Zadrazil@solarwinds.com>:

Hello,

 

We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package.

It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures.

 

We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures ?

 

Are there any plans to release additional ODBC driver’s version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023 ?  

 

Many thanks

 

Best Regards

 

Miloslav Zadrazil

Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

From
Matthew Reeves
Date:
Hello, Hiroshi,

For the benefit of the group, has a new release been made available yet?
On Tuesday, June 20, 2023 at 04:52:40 PM PDT, Inoue,Hiroshi <hinoue205@gmail.com> wrote:


Hi Miloslav,

Sorry for the late reply.
We will make a new release in a few days.
Openssl 3.0.9 version will be used in the release.

regards,
Hiroshi Inoue

2023年6月14日(水) 23:11 Miloslav Zadrazil <Miloslav.Zadrazil@solarwinds.com>:

Hello,

 

We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package.

It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures.

 

We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures ?

 

Are there any plans to release additional ODBC driver’s version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023 ?  

 

Many thanks

 

Best Regards

 

Miloslav Zadrazil

Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

From
"Inoue,Hiroshi"
Date:
Hi Matthew,

Yes, Hiroshi Saito has already announced the new release 15.0.0.0..

regards,
Hiroshi Inoue

2023年6月25日(日) 7:11 Matthew Reeves <bytemyzer@yahoo.com>:
Hello, Hiroshi,

For the benefit of the group, has a new release been made available yet?
On Tuesday, June 20, 2023 at 04:52:40 PM PDT, Inoue,Hiroshi <hinoue205@gmail.com> wrote:


Hi Miloslav,

Sorry for the late reply.
We will make a new release in a few days.
Openssl 3.0.9 version will be used in the release.

regards,
Hiroshi Inoue

2023年6月14日(水) 23:11 Miloslav Zadrazil <Miloslav.Zadrazil@solarwinds.com>:

Hello,

 

We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package.

It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures.

 

We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures ?

 

Are there any plans to release additional ODBC driver’s version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023 ?  

 

Many thanks

 

Best Regards

 

Miloslav Zadrazil