Home > mailing lists

Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities - Mailing list pgsql-odbc

From	Inoue,Hiroshi
Subject	Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
Date	June 21, 2023 02:52:20
Msg-id	CAFGcedVJbAAHVmtDnbHaOYcU7kvzUNfsDe--Biw7s6h8koJqtA@mail.gmail.com Whole thread Raw
In response to	psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities (Miloslav Zadrazil <Miloslav.Zadrazil@solarwinds.com>)
Responses	Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities (Matthew Reeves <bytemyzer@yahoo.com>)
List	pgsql-odbc

Tree view

Hi Miloslav,

Sorry for the late reply.

We will make a new release in a few days.

Openssl 3.0.9 version will be used in the release.

regards,

Hiroshi Inoue

2023年6月14日(水) 23:11 Miloslav Zadrazil <Miloslav.Zadrazil@solarwinds.com>:

Hello,

We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package.
It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures.

We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures ?

Are there any plans to release additional ODBC driver’s version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023 ?

Many thanks

Best Regards

Miloslav Zadrazil

pgsql-odbc by date:

From: Tom Hughes
Date: 20 June 2023, 15:47:11
Subject: [PATCH] Allow catalog (database) enumeration with SQLTables

From: Hiroshi Saito
Date: 23 June 2023, 11:20:28
Subject: psqlODBC 15.00.0000 Released

Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities - Mailing list pgsql-odbc

Previous

Next