From: | Huong Dangminh <huo-dangminh(at)ys(dot)jp(dot)nec(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)postgresql(dot)org>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
Cc: | Akio Iwaasa <aki-iwaasa(at)vt(dot)jp(dot)nec(dot)com> |
Subject: | RE: PostgreSQL 2018-05-10 Security Update Release |
Date: | 2018-05-25 02:00:04 |
Message-ID: | 75DB81BEEA95B445AE6D576A0A5C9E936A77246D@BPXM05GP.gisp.nec.co.jp |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-announce pgsql-bugs |
Hi,
> -----Original Message-----
> From: Stephen Frost [mailto:sfrost(at)postgresql(dot)org]
> Sent: Thursday, May 10, 2018 10:37 PM
> To: pgsql-announce(at)lists(dot)postgresql(dot)org
> Subject: PostgreSQL 2018-05-10 Security Update Release
>
> Security Issues
> ---------------
>
> One security vulnerability has been closed by this release:
>
> * CVE-2018-1115: Too-permissive access control list on function
> pg_logfile_rotate()
>
> * Security Page: https://www.postgresql.org/support/security/
Thanks for the announcement.
I think "Component & CVSS v3 Base Score" column for "CVE-2018-1115" was wrong.
The Base Score appears 0.0 but it should be 4.2.
So link to "nist" should be update as below?
- https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
+ https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
And the Base Metrics also need to change like?
- AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
+ AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Or am I missing something?
Thanks and best regards,
---
Dang Minh Huong
NEC Solution Innovators, Ltd.
http://www.nec-solutioninnovators.co.jp/en/
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2018-05-25 08:16:20 | Re: PostgreSQL 2018-05-10 Security Update Release |
Previous Message | Jonathan S. Katz | 2018-05-24 13:38:47 | PostgreSQL 11 Beta 1 Released! |
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2018-05-25 08:16:20 | Re: PostgreSQL 2018-05-10 Security Update Release |
Previous Message | David G. Johnston | 2018-05-24 12:28:03 | Primary key error in INFORMATION_SCHEMA views |