Обсуждение: psqlODBC msi download for Heartbleed
Hi,
I was wondering when a new download with a fix for Heartbleed vulnerability will be available?
The latest available here is from March 8, 2014:
http://www.postgresql.org/ftp/odbc/versions/msi/
Best,
Anna
This email has been scanned for email related threats and delivered safely by Mimecast.
For more information please visit http://www.mimecast.com
On 05/12/2014 10:01 PM, Anna Gershnik wrote: > Hi, > > I was wondering when a new download with a fix for Heartbleed vulnerability will be available? > The latest available here is from March 8, 2014: > http://www.postgresql.org/ftp/odbc/versions/msi/ Oh, I didn't realize we ship the SSL libraries in the installer. Yeah, we should update those ASAP. Hiroshi, others, can we put out a new release, with updated SSL libraries, please? Where exactly do the libraries come from, i.e. what is the upstream project? If there's anything I can do to help, let me know. - Heikki
On Tue, May 13, 2014 at 6:11 PM, Heikki Linnakangas <hlinnakangas@vmware.com> wrote: > On 05/12/2014 10:01 PM, Anna Gershnik wrote: >> >> Hi, >> >> I was wondering when a new download with a fix for Heartbleed >> vulnerability will be available? >> The latest available here is from March 8, 2014: >> http://www.postgresql.org/ftp/odbc/versions/msi/ > > > Oh, I didn't realize we ship the SSL libraries in the installer. Yeah, we > should update those ASAP. > > Hiroshi, others, can we put out a new release, with updated SSL libraries, > please? Yeah, that's definitely something we should do. > Where exactly do the libraries come from, i.e. what is the upstream > project? If there's anything I can do to help, let me know. I was planning to have a look at the msvc specs of odbc soon... But could not really find the time. Btw, I would assume that the openssl libs come from here: http://slproweb.com/products/Win32OpenSSL.html -- Michael
Hi all. Sorry very late reaction. Ooops, Openssl version that is provided was 1.0.1f....:-( I would release to adjust with Inoue-san soon. (2014/05/13 19:32), Michael Paquier wrote: > On Tue, May 13, 2014 at 6:11 PM, Heikki Linnakangas > <hlinnakangas@vmware.com> wrote: >> On 05/12/2014 10:01 PM, Anna Gershnik wrote: >>> >>> Hi, >>> >>> I was wondering when a new download with a fix for Heartbleed >>> vulnerability will be available? >>> The latest available here is from March 8, 2014: >>> http://www.postgresql.org/ftp/odbc/versions/msi/ >> >> >> Oh, I didn't realize we ship the SSL libraries in the installer. Yeah, we >> should update those ASAP. >> >> Hiroshi, others, can we put out a new release, with updated SSL libraries, >> please? > Yeah, that's definitely something we should do. > >> Where exactly do the libraries come from, i.e. what is the upstream >> project? If there's anything I can do to help, let me know. > I was planning to have a look at the msvc specs of odbc soon... But > could not really find the time. Btw, I would assume that the openssl > libs come from here: > http://slproweb.com/products/Win32OpenSSL.html >
Appreciate your help. Any estimate on when this might happen? Best Regards, Anna -----Original Message----- From: Hiroshi Saito [mailto:hiroshi@winpg.jp] Sent: Tuesday, May 13, 2014 6:20 AM To: Michael Paquier; Hiroshi Inoue Cc: Heikki Linnakangas; Anna Gershnik; pgsql-odbc@postgresql.org Subject: Re: [ODBC] psqlODBC msi download for Heartbleed Hi all. Sorry very late reaction. Ooops, Openssl version that is provided was 1.0.1f....:-( I would release to adjust with Inoue-san soon. (2014/05/13 19:32), Michael Paquier wrote: > On Tue, May 13, 2014 at 6:11 PM, Heikki Linnakangas > <hlinnakangas@vmware.com> wrote: >> On 05/12/2014 10:01 PM, Anna Gershnik wrote: >>> >>> Hi, >>> >>> I was wondering when a new download with a fix for Heartbleed >>> vulnerability will be available? >>> The latest available here is from March 8, 2014: >>> http://www.postgresql.org/ftp/odbc/versions/msi/ >> >> >> Oh, I didn't realize we ship the SSL libraries in the installer. >> Yeah, we should update those ASAP. >> >> Hiroshi, others, can we put out a new release, with updated SSL >> libraries, please? > Yeah, that's definitely something we should do. > >> Where exactly do the libraries come from, i.e. what is the upstream >> project? If there's anything I can do to help, let me know. > I was planning to have a look at the msvc specs of odbc soon... But > could not really find the time. Btw, I would assume that the openssl > libs come from here: > http://slproweb.com/products/Win32OpenSSL.html >