RE: PostgreSQL 2018-05-10 Security Update Release

Поиск
Список
Период
Сортировка
От Huong Dangminh
Тема RE: PostgreSQL 2018-05-10 Security Update Release
Дата
Msg-id 75DB81BEEA95B445AE6D576A0A5C9E936A77246D@BPXM05GP.gisp.nec.co.jp
обсуждение исходный текст
Ответы Re: PostgreSQL 2018-05-10 Security Update Release
Список pgsql-bugs
Дерево обсуждения 
Hi,

> -----Original Message-----
> From: Stephen Frost [mailto:sfrost@postgresql.org]
> Sent: Thursday, May 10, 2018 10:37 PM
> To: pgsql-announce@lists.postgresql.org
> Subject: PostgreSQL 2018-05-10 Security Update Release
>
> Security Issues
> ---------------
>
> One security vulnerability has been closed by this release:
>
> * CVE-2018-1115: Too-permissive access control list on function
> pg_logfile_rotate()
>
> * Security Page: https://www.postgresql.org/support/security/

Thanks for the announcement.
I think "Component & CVSS v3 Base Score" column for "CVE-2018-1115" was wrong.
The Base Score appears 0.0 but it should be 4.2.

So link to "nist" should be update as below?
- https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
+ https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

And the Base Metrics also need to change like?
- AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
+ AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

Or am I missing something?


Thanks and best regards,
---
Dang Minh Huong
NEC Solution Innovators, Ltd.
http://www.nec-solutioninnovators.co.jp/en/

В списке pgsql-bugs по дате отправления: