Merge pull request #5599 from EnterpriseDB/docs/security/fix/assessme…

…ntsmat24 Snagging fixes for security links
EnterpriseDB · May 9, 2024 · f9a6b18 · f9a6b18 · github-actions · May 9, 2024
2 parents 3d6d936 + 0e5261e
commit f9a6b18
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 6 deletions.
diff --git a/advocacy_docs/security/assessments/cve-2024-4317.mdx b/advocacy_docs/security/assessments/cve-2024-4317.mdx
@@ -1,7 +1,7 @@
 ---
 title: CVE-2024-4317 - Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner
 navTitle: CVE-2024-4317
-affectedProducts: TBD
+affectedProducts: All versions of PostgreSQL, EPAS and PGE prior to 16.3, 15.7, and 14.12
 ---
 
 First Published: 2024/05/09
@@ -25,7 +25,7 @@ CVSS Temporal Score: Undefined
 
 CVSS Environmental Score: Undefined
 
-CVSS Vector: TBC
+CVSS Vector: [AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N&version=3.0)
 
 ## Affected products and versions
 

diff --git a/advocacy_docs/security/assessments/index.mdx b/advocacy_docs/security/assessments/index.mdx
@@ -32,7 +32,7 @@ The CVEs listed in this section are from PostgreSQL and other parties who have r
 &nbsp;&nbsp;<a href="cve-2024-4317">Read Assessment</a>
 &nbsp;&nbsp;Updated: </span><span>2024/05/09</span>
 <h4>Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner</h4>
-<h5> TBD</h5>
+<h5> All versions of PostgreSQL, EPAS and PGE prior to 16.3, 15.7, and 14.12</h5>
 </summary>
 <hr/>
 <em>Summary:</em>&nbsp;

diff --git a/advocacy_docs/security/index.mdx b/advocacy_docs/security/index.mdx
@@ -60,7 +60,7 @@ All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 and prior
 &nbsp;&nbsp;<a href="assessments/cve-2024-4317">Read Assessment</a>
 &nbsp;&nbsp;Updated: </span><span>2024/05/09</span>
 <h4>Restrict visibility of "pg_stats_ext" and "pg_stats_ext_exprs" entries to the table owner</h4>
-<h5> TBD</h5>
+<h5> All versions of PostgreSQL, EPAS and PGE prior to 16.3, 15.7, and 14.12</h5>
 </summary>
 <hr/>
 <em>Summary:</em>&nbsp;

diff --git a/product_docs/docs/epas/15/epas_rel_notes/epas15_7_0_rel_notes.mdx b/product_docs/docs/epas/15/epas_rel_notes/epas15_7_0_rel_notes.mdx
@@ -10,7 +10,7 @@ EDB Postgres Advanced Server 15.7.0  includes the following enhancements and bug
 | Type              | Description                                                                                                                                                                                                     | Addresses&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |
 |-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
 | Upstream merge    | Merged with community PostgreSQL 15.7. This release includes a fix for [CVE-2024-4317](/security/assessments/cve-2024-4317). See the [PostgreSQL 15.7 Release Notes](https://www.postgresql.org/docs/release/15.7/) for more information. | [CVE-2024-4317](/security/assessments/cve-2024-4317)|
-| Security&nbsp;fix | Fixed an issue for `edbldr`. Now `edbldr` checks the `pg_read_server_files` privilege before accessing the data files.                                                                                          | #35906, [CVE-2024-4545](/security/advisories/cve2024545/)                                           |
+| Security&nbsp;fix | Fixed an issue for `edbldr`. Now `edbldr` checks the `pg_read_server_files` privilege before accessing the data files.                                                                                          | #35906, [CVE-2024-4545](/security/advisories/cve20244545/)                                           |
 | Bug&nbsp;fix      | Fixed an issue for `edb_filter_log`. Now it correctly redacts the password when the tab is used before the keyword.                                                                                             | #36220                                                                                              |
 | Bug&nbsp;fix      | Fixed an issue for `edb_audit` on Windows. Now it correctly rotates the log files based on days configured in `edb_audit_rotation_day`.                                                                         | #99282                                                                                              |
 | Bug&nbsp;fix      | Fixed an issue to fetch all the attributes correctly from the sublink in `CONNECT BY` processing to avoid the server crash.                                                                                     | #102746                                                                                             |

diff --git a/product_docs/docs/epas/16/epas_rel_notes/epas16_3_0_rel_notes.mdx b/product_docs/docs/epas/16/epas_rel_notes/epas16_3_0_rel_notes.mdx
@@ -10,7 +10,7 @@ EDB Postgres Advanced Server 16.3.0 includes the following enhancements and bug
 | Type              | Description                                                                                                                                                                                         | Addresses&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |
 |-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
 | Upstream merge    | Merged with community PostgreSQL 16.3. This release includes a fix for [CVE-2024-4317](/security/assessments/cve-2024-4317). See the [PostgreSQL 16.3 Release Notes](https://www.postgresql.org/docs/release/16.3/) for more information. | [CVE-2024-4317](/security/assessments/cve-2024-4317) |
-| Security&nbsp;fix | Fixed an issue for `edbldr`. Now `edbldr` checks the `pg_read_server_files` privilege before accessing the data files.                                                                              | #35906, [CVE-2024-4545](/security/advisories/cve2024545/)                                           |
+| Security&nbsp;fix | Fixed an issue for `edbldr`. Now `edbldr` checks the `pg_read_server_files` privilege before accessing the data files.                                                                              | #35906, [CVE-2024-4545](/security/advisories/cve20244545/)                                           |
 | Bug&nbsp;fix      | Fixed an issue for `edb_filter_log`. Now it correctly redacts the password when the tab is used before the keyword.                                                                                 | #36220                                                                                              |
 | Bug&nbsp;fix      | Fixed an issue for `edb_audit` on Windows. Now it correctly rotates the log files based on days configured in `edb_audit_rotation_day`.                                                             | #99282                                                                                              |
 | Bug&nbsp;fix      | Fixed an issue to fetch all the attributes correctly from the sublink in `CONNECT BY` processing to avoid the server crash.                                                                         | #102746                                                                                             |