RE: PostgreSQL 2018-05-10 Security Update Release - Mailing list pgsql-bugs

From Huong Dangminh
Subject RE: PostgreSQL 2018-05-10 Security Update Release
Msg-id 75DB81BEEA95B445AE6D576A0A5C9E936A77246D@BPXM05GP.gisp.nec.co.jp
Responses Re: PostgreSQL 2018-05-10 Security Update Release  (Magnus Hagander <magnus@hagander.net>)
List pgsql-bugs
Hi,

> -----Original Message-----
> From: Stephen Frost [mailto:sfrost@postgresql.org]
> Sent: Thursday, May 10, 2018 10:37 PM
> To: pgsql-announce@lists.postgresql.org
> Subject: PostgreSQL 2018-05-10 Security Update Release
>
> Security Issues
> ---------------
>
> One security vulnerability has been closed by this release:
>
> * CVE-2018-1115: Too-permissive access control list on function
> pg_logfile_rotate()
>
> * Security Page: https://www.postgresql.org/support/security/

Thanks for the announcement.
I think the "Component & CVSS v3 Base Score" column for "CVE-2018-1115" was wrong.
The Base Score appears as 0.0 but it should be 4.2.

So the link to "nist" should be updated as below?
- https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
+ https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

And the Base Metrics also need to change, as below?
- AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
+ AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L

Or am I missing something?


Thanks and best regards,
---
Dang Minh Huong
NEC Solution Innovators, Ltd.
http://www.nec-solutioninnovators.co.jp/en/