Put links to github security advisories (#13012)

* Put links to github security advisories

* Fix linting issues

content/en/news/releases/1.15.x/announcing-1.15.7/index.md

@@ -14,23 +14,23 @@ This release note describes what’s different between Istio 1.15.6 and 1.15.7.
 
 ## Security update
 
-- __CVE-2023-27487__:
-  (CVSS Score 8.2, High): Client may fake the header `x-envoy-original-path`.
+- __[CVE-2023-27487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g)__: (CVSS Score 8.2, High):
+Client may fake the header `x-envoy-original-path`.
 
-- __CVE-2023-27488__:
-  (CVSS Score 5.4, Moderate): gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
+- __[CVE-2023-27488](https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph)__: (CVSS Score 5.4, Moderate):
+gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
 
-- __CVE-2023-27491__:
-  (CVSS Score 5.4, Moderate): Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers.
+- __[CVE-2023-27491](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp)__: (CVSS Score 5.4, Moderate):
+Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers.
 
-- __CVE-2023-27492__:
-  (CVSS Score 4.8, Moderate): Crash when a large request body is processed in Lua filter.
+- __[CVE-2023-27492](https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2)__: (CVSS Score 4.8, Moderate):
+Crash when a large request body is processed in Lua filter.
 
-- __CVE-2023-27493__:
-  (CVSS Score 8.1, High): Envoy doesn't escape HTTP header values.
+- __[CVE-2023-27493](https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q)__: (CVSS Score 8.1, High):
+Envoy doesn't escape HTTP header values.
 
-- __CVE-2023-27496__:
-  (CVSS Score 6.5, Moderate): Crash when a redirect url without a state parameter is received in the OAuth filter.
+- __[CVE-2023-27496](https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5)__: (CVSS Score 6.5, Moderate):
+Crash when a redirect url without a state parameter is received in the OAuth filter.
 
 ## Changes
 

content/en/news/releases/1.16.x/announcing-1.16.4/index.md

@@ -14,23 +14,23 @@ This release note describes what’s different between Istio 1.16.3 and 1.16.4.
 
 ## Security update
 
-- __CVE-2023-27487__:
-  (CVSS Score 8.2, High): Client may fake the header `x-envoy-original-path`.
+- __[CVE-2023-27487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g)__: (CVSS Score 8.2, High):
+Client may fake the header `x-envoy-original-path`.
 
-- __CVE-2023-27488__:
-  (CVSS Score 5.4, Moderate): gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
+- __[CVE-2023-27488](https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph)__: (CVSS Score 5.4, Moderate):
+gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
 
-- __CVE-2023-27491__:
-  (CVSS Score 5.4, Moderate): Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers.
+- __[CVE-2023-27491](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp)__: (CVSS Score 5.4, Moderate):
+Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers.
 
-- __CVE-2023-27492__:
-  (CVSS Score 4.8, Moderate): Crash when a large request body is processed in Lua filter.
+- __[CVE-2023-27492](https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2)__: (CVSS Score 4.8, Moderate):
+Crash when a large request body is processed in Lua filter.
 
-- __CVE-2023-27493__:
-  (CVSS Score 8.1, High): Envoy doesn't escape HTTP header values.
+- __[CVE-2023-27493](https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q)__: (CVSS Score 8.1, High):
+Envoy doesn't escape HTTP header values.
 
-- __CVE-2023-27496__:
-  (CVSS Score 6.5, Moderate): Crash when a redirect url without a state parameter is received in the OAuth filter.
+- __[CVE-2023-27496](https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5)__: (CVSS Score 6.5, Moderate):
+Crash when a redirect url without a state parameter is received in the OAuth filter.
 
 # Changes
 

content/en/news/releases/1.17.x/announcing-1.17.2/index.md

@@ -14,23 +14,23 @@ This release note describes what’s different between Istio 1.17.1 and 1.17.2.
 
 ## Security update
 
-- __CVE-2023-27487__:
-  (CVSS Score 8.2, High): Client may fake the header `x-envoy-original-path`.
+- __[CVE-2023-27487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g)__: (CVSS Score 8.2, High):
+Client may fake the header `x-envoy-original-path`.
 
-- __CVE-2023-27488__:
-  (CVSS Score 5.4, Moderate): gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
+- __[CVE-2023-27488](https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph)__: (CVSS Score 5.4, Moderate):
+gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
 
-- __CVE-2023-27491__:
-  (CVSS Score 5.4, Moderate): Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers.
+- __[CVE-2023-27491](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp)__: (CVSS Score 5.4, Moderate):
+Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers.
 
-- __CVE-2023-27492__:
-  (CVSS Score 4.8, Moderate): Crash when a large request body is processed in Lua filter.
+- __[CVE-2023-27492](https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2)__: (CVSS Score 4.8, Moderate):
+Crash when a large request body is processed in Lua filter.
 
-- __CVE-2023-27493__:
-  (CVSS Score 8.1, High): Envoy doesn't escape HTTP header values.
+- __[CVE-2023-27493](https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q)__: (CVSS Score 8.1, High):
+Envoy doesn't escape HTTP header values.
 
-- __CVE-2023-27496__:
-  (CVSS Score 6.5, Moderate): Crash when a redirect url without a state parameter is received in the OAuth filter.
+- __[CVE-2023-27496](https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5)__: (CVSS Score 6.5, Moderate):
+Crash when a redirect url without a state parameter is received in the OAuth filter.
 
 ## Changes
 

content/en/news/security/istio-security-2023-001/index.md

@@ -17,22 +17,22 @@ skip_seealso: true
 
 ### Envoy CVEs
 
-- __CVE-2023-27487__: (CVSS Score 8.2, High):
+- __[CVE-2023-27487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5375-pq35-hf2g)__: (CVSS Score 8.2, High):
 Client may fake the header `x-envoy-original-path`.
 
-- __CVE-2023-27488__: (CVSS Score 5.4, Moderate):
+- __[CVE-2023-27488](https://github.com/envoyproxy/envoy/security/advisories/GHSA-9g5w-hqr3-w2ph)__: (CVSS Score 5.4, Moderate):
 gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.
 
-- __CVE-2023-27491__: (CVSS Score 5.4, Moderate):
+- __[CVE-2023-27491](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5jmv-cw9p-f9rp)__: (CVSS Score 5.4, Moderate):
 Envoy forwards invalid HTTP/2 and HTTP/3 downstream headers.
 
-- __CVE-2023-27492__: (CVSS Score 4.8, Moderate):
+- __[CVE-2023-27492](https://github.com/envoyproxy/envoy/security/advisories/GHSA-wpc2-2jp6-ppg2)__: (CVSS Score 4.8, Moderate):
 Crash when a large request body is processed in Lua filter.
 
-- __CVE-2023-27493__: (CVSS Score 8.1, High):
+- __[CVE-2023-27493](https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5w5-487h-qv8q)__: (CVSS Score 8.1, High):
 Envoy doesn't escape HTTP header values.
 
-- __CVE-2023-27496__: (CVSS Score 6.5, Moderate):
+- __[CVE-2023-27496](https://github.com/envoyproxy/envoy/security/advisories/GHSA-j79q-2g66-2xv5)__: (CVSS Score 6.5, Moderate):
 Crash when a redirect url without a state parameter is received in the OAuth filter.
 
 ## Am I Impacted?