| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | "Vibhu Chauhan (iDEAS-ER&D)" <vibhu(dot)chauhan(at)wipro(dot)com> |
| Cc: | "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: OpenSSL v1.1.1n in postgres |
| Date: | 2022-03-26 20:32:19 |
| Message-ID: | 3CF81050-F834-4000-99C0-8BC2E805CFAB@yesql.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
> On 26 Mar 2022, at 18:32, Vibhu Chauhan (iDEAS-ER&D) <vibhu(dot)chauhan(at)wipro(dot)com> wrote:
> Hi Postgres support,
This is the bug reporting mailing list, and this is not a bug report. Please
use pgsql-general for future questions like these.
> In one security scan we found that OpenSSL v1.1.1k is vulnerable which is sub-component of postgres 13.3. From below link we came to know that affected OpenSSL version 1.1.1k is fixed in 1.1.1n version. We wanted to know which postgres version having this fix version of OpenSSL? And is there any steps to mitigate the risk of version 1.1.1k?
PostgreSQL doesn't come statically linked to any OpenSSL version, you need to
ask your system administrators and/or PostgreSQL service provider about this.
--
Daniel Gustafsson https://vmware.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2022-03-26 20:38:56 | Re: OpenSSL v1.1.1n in postgres |
| Previous Message | Vibhu Chauhan (iDEAS-ER&D) | 2022-03-26 17:32:12 | OpenSSL v1.1.1n in postgres |