BUG #17907: PostgresSQL 15.x contains OpenSSL DLLs (vulnerable to CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466)

From: PG Bug reporting form <noreply(at)postgresql(dot)org>
To: pgsql-bugs(at)lists(dot)postgresql(dot)org
Cc: ascott(at)wwf(dot)org(dot)uk
Subject: BUG #17907: PostgresSQL 15.x contains OpenSSL DLLs (vulnerable to CVE-2023-0464, CVE-2023-0465 & CVE-2023-0466)
Date: 2023-04-24 14:34:36
Message-ID: 17907-8cd9b572b6722919@postgresql.org
Lists: pgsql-bugs

The following bug has been logged on the website:

Bug reference: 17907
Logged by: Adrian Scott
Email address: ascott(at)wwf(dot)org(dot)uk
PostgreSQL version: 15.2
Operating system: Windows 10 Enterprise 64 bit
Description:

We have been alerted to the existence of 3 OpenSSL vulnerabilities that are
exposed within the OpenSSL v3.0.8 DLLs installed as part of the PostgreSQL
15.x install.
In the default install paths the 2 files are found here:
c:\program files\postgresql\15\bin\libcrypto-3-x64.dll
c:\program files\postgresql\15\bin\libssl-3-x64.dll

These are affected by vulnerabilities CVE-2023-0464, CVE-2023-0465 &
CVE-2023-0466.

Please can you update the PostgreSQL distributions to include the latest
OpenSSL DLLs with your next bugfix release (either using OpenSSL 3.1.1 or
3.0.9), to remove these vulnerabilities?
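
A way to check which OpenSSL release an install bundles, as an added PowerShell example that is not part of the original report. It assumes the default install path quoted above and that the DLLs carry a Windows version resource reflecting the OpenSSL release; the function name `Test-BundledOpenSsl` is hypothetical.

```powershell
# Added example; not part of the original bug report.
$binDir = 'C:\Program Files\PostgreSQL\15\bin'          # default path from the report
$dlls   = 'libcrypto-3-x64.dll', 'libssl-3-x64.dll'     # files named in the report

# Releases the report asks for, keyed by OpenSSL branch (major.minor).
$requested = @{ '3.0' = [version]'3.0.9'; '3.1' = [version]'3.1.1' }

function Test-BundledOpenSsl {
    param([Parameter(Mandatory)][string]$Path)

    $result = [pscustomobject]@{ File = $Path; Version = $null; Status = 'not found' }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $result }

    # Assumption: the DLL carries a version resource matching the OpenSSL release.
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    if (($info.FileMajorPart + $info.FileMinorPart + $info.FileBuildPart) -eq 0) {
        $result.Status = 'no version resource; check manually'
        return $result
    }

    $ver    = [version]::new($info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart)
    $branch = '{0}.{1}' -f $ver.Major, $ver.Minor
    $result.Version = $ver

    if (-not $requested.ContainsKey($branch)) {
        $result.Status = "branch $branch not covered by the report"
    } elseif ($ver -lt $requested[$branch]) {
        $result.Status = "older than requested $($requested[$branch])"
    } else {
        $result.Status = "at or above requested $($requested[$branch])"
    }
    return $result
}

# One row per DLL: path, detected version, and how it compares to the requested release.
$dlls | ForEach-Object { Test-BundledOpenSsl -Path (Join-Path $binDir $_) } |
    Format-Table -AutoSize
```

For a non-default install location, change `$binDir` to the `bin` directory of that install.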
