Hi,
> -----Original Message-----
> From: Stephen Frost [mailto:sfrost@postgresql.org]
> Sent: Thursday, May 10, 2018 10:37 PM
> To: pgsql-announce@lists.postgresql.org
> Subject: PostgreSQL 2018-05-10 Security Update Release
>
> Security Issues
> ---------------
>
> One security vulnerability has been closed by this release:
>
> * CVE-2018-1115: Too-permissive access control list on function
> pg_logfile_rotate()
>
> * Security Page: https://www.postgresql.org/support/security/
Thanks for the announcement.
I think "Component & CVSS v3 Base Score" column for "CVE-2018-1115" was wrong.
The Base Score appears 0.0 but it should be 4.2.
So link to "nist" should be update as below?
- https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
+ https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
And the Base Metrics also need to change like?
- AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:N
+ AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
Or am I missing something?
Thanks and best regards,
---
Dang Minh Huong
NEC Solution Innovators, Ltd.
http://www.nec-solutioninnovators.co.jp/en/