I'm going to try to do it this afternoon - things got a bit busy after PGConf.EU...
On Thu, Nov 10, 2016 at 4:28 AM, Sathesh S <sathesh.sunda...@hotmail.com> wrote: > Hi Dave, > > By any chance will the updated pgadmin III get released by this weekend? > > Thanks, > Sathesh > > > > > On Tue, Nov 1, 2016 at 10:03 PM +0530, "Sathesh S" > <sathesh.sunda...@hotmail.com> wrote: > > Thanks Dave, it will be wonderful to have a updated final release. > > Thanks, > Sathesh > > > > > On Tue, Nov 1, 2016 at 2:36 PM +0530, "Dave Page" <dp...@pgadmin.org> wrote: > > Hi > > Based on feedback from existing users, I'm currently thinking I'll do a > final wrap-up release of community pgAdmin III next week (after PGConf.EU). > This will include the latest OpenSSL release. > > On Tuesday, November 1, 2016, Sathesh S <sathesh.sunda...@hotmail.com> > wrote: >> >> Hi Ben, >> >> >> >> Thanks for the information. I tried to install pgAdmin3 LTS version in my >> laptop but looks like there is no option to install it without installing >> PGC, even after installing PGC I’m not to install pgAdmin3 as the package is >> not available. >> >> >> >> If you have installed it, can you please tell what version of OpenSSL is >> used by pgAdmin3 LTS. >> >> >> >> Also, it would be helpful if you can advice on copying OpenSSL file from >> pgAdmin IV to pgAdmin III (question in my previous email) >> >> >> >> Thanks, >> >> Sathesh >> >> >> >> >> >> From: Ben Trewern >> Sent: Monday, October 31, 2016 5:43 PM >> To: Sathesh S >> Cc: pgadmin-support@postgresql.org >> Subject: Re: [pgadmin-support] OpenSSL Vulnerability in pgAdmin III >> >> >> >> Hi, >> >> For pgAdmin III it might be worth looking at >> http://www.bigsql.org/pgadmin3/. They are looking at updating and >> supporting pgAdmin III for a while longer. >> >> Regards, >> >> Ben >> >> >> On 31 Oct 2016, at 04:43, Sathesh S <sathesh.sunda...@hotmail.com> wrote: >> >> >> Hello All, >> >> We use pgAdmin III to connect to Greenplum database. We had recently found >> out from our vulnerability team that pgAdmin III uses OpenSSL version before >> 1.0.2h which has the below vulnerability. >> >> OpenSSL version before 1.0.1t & 1.0.2h has vulnerabilities. And pgAdmin 3 >> is using a vulnerable version of OpenSSL. >> >> The latest version in pgAdmin III is v1.22 and it is using OpenSSL version >> 1.0.2f. >> >> Below is the info related to the vulnerability: >> Overview: The X509_NAME_oneline function in crypto/x509/x509_obj.c in >> OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to >> obtain sensitive information from process stack memory or cause a denial of >> service (buffer over-read) via crafted EBCDIC ASN.1 data. >> >> Even though pgAdmin IV uses a OpenSSL version above 1.0.2h, we are unable >> to use pgAdmin IV because it is having issues connection to Greenplum (it >> gives below error) >> >> ERROR: unrecognized configuration parameter "bytea_output" >> >> Can you please help with my below questions: >> >> 1. I understand that pgAdmin III is not supported anymore, but >> because pgAdmin IV is relatively new and lot of people would be still using >> pgAdmin III, will a updated version of pgAdmin III released with latest >> version of OpenSSL be released? >> >> 2. Can end users update the OpenSSL version themselves? I mean – >> Since pgAdmin IV is using OpenSSL 1.0.2h, can we copy this file to pgAdmin >> III v1.22. >> Is this workaround okay/allowed? >> Will this workaround create any issues in pgAdmin III? >> >> Please help, thanks in advance. >> >> Thanks, >> Sathesh >> >> > > > -- > Dave Page > Blog: http://pgsnake.blogspot.com > Twitter: @pgsnake > > EnterpriseDB UK: http://www.enterprisedb.com > The Enterprise PostgreSQL Company > -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgadmin-support mailing list (pgadmin-support@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgadmin-support
