Re: Heartbleed Impact - Mailing list pgsql-general

On Wed, Apr 16, 2014 at 9:08 PM, Dev Kumkar <devdas.kumkar@gmail.com> wrote:

On Wed, Apr 16, 2014 at 7:50 PM, Stephen Frost <sfrost@snowman.net> wrote:

* Dev Kumkar (devdas.kumkar@gmail.com) wrote:
> I just downloaded the latest binaries from EnterpriseDB and when checked
> with libssl.so.1.0.0 can see this:
> OpenSSL 1.0.1g 7 Apr 2014
>
> OpenSSL 1.0.1g is the patched version.

Yes, checked w/ them and they say it's all patched..

> Awaiting confirmation and also please let know if there is certain NOTE or
> link which talks about this fix from EnterpriseDB side.

There's a note on the 'installers' page here:
http://www.enterprisedb.com/products-services-training/pgdownload

I believe they're going to add a note to the other page too.

        Thanks,

                Stephen

Thanks for the confirmation. Yup checked the NOTE on 'installers' page and a note on binary page will really help.

Regards...

Hello Guys,

For postgreSQL, is there any OpenSSL fix coming up for this issue: http://www.zdnet.com/openssl-fixes-another-severe-vulnerability-7000030253/

Currently in PostgreSQL 9.4.3 the version is as follows: OpenSSL 1.0.1g 7 Apr 2014

As per the above link, fixed OpenSSL version would be 1.0.1h

Looking forward for some comments here.