psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities

Поиск
Список
Период
Сортировка
От Miloslav Zadrazil
Тема psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities
Дата
Msg-id PH0PR11MB512834ECFC2C76179FF5F68A835AA@PH0PR11MB5128.namprd11.prod.outlook.com
обсуждение исходный текст
Ответы Re: psqlODBC drivers 13.2 flagged to be vulnerable for openssl 1.1.1l vulnerabilities  ("Inoue,Hiroshi" <hinoue205@gmail.com>)
Список pgsql-odbc
Дерево обсуждения

Hello,

 

We use your ODBC drivers in our product. During security scans we have received warning related to content of psqlODBC 13.2 driver package.

It is flagged to contains OpenSSL 1.1.1lversion vulnerable for CVE-2021-4160, CVE-2022-0778, CVE-2022-2097, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 exposures.

 

We must deliver vulnerability analysis to our customers. Can you, please, confirm that ODBC drivers in version 13.2 are not affected by those exposures ?

 

Are there any plans to release additional ODBC driver’s version considering the fact that openssl 1.x versions are going to be EOF on September 11, 2023 ?  

 

Many thanks

 

Best Regards

 

Miloslav Zadrazil

В списке pgsql-odbc по дате отправления:

Предыдущее
От: Ronald Cabral
Дата:
Сообщение: Postgresql driver ODBC for linux
Следующее
От: Jason Hwang
Дата:
Сообщение: Connection to PostgreSQL 14.4