database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-02 11:44:50 +03:00
Code

Last-minute updates for release notes.

Browse Source 
Security: CVE-2020-1720
This commit is contained in:
Tom Lane 2020-02-10 12:51:07 -05:00
parent 1631617236
commit 27cfad5c86
1 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
doc/src/sgml/release-10.sgml
View File

@ -35,6 +35,30 @@
<listitem>
<!--
Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
Branch: master [b048f558d] 2020-02-10 11:47:09 -0300
Branch: REL_12_STABLE [2ad125322] 2020-02-10 11:47:09 -0300
Branch: REL_11_STABLE [bdd19e48a] 2020-02-10 11:47:09 -0300
Branch: REL_10_STABLE [ac1a998ed] 2020-02-10 11:47:09 -0300
Branch: REL9_6_STABLE [e8b8eb937] 2020-02-10 12:06:25 -0300
-->
<para>
Add missing permissions checks for <command>ALTER ... DEPENDS ON
EXTENSION</command> (&Aacute;lvaro Herrera)
</para>
<para>
Marking an object as dependent on an extension did not have any
privilege check whatsoever. This oversight allowed any user to mark
routines, triggers, materialized views, or indexes as droppable by
anyone able to drop an extension. Require that the calling user own
the specified object (and hence have privilege to drop it).
(CVE-2020-1720)
</para>
</listitem>
<listitem>
<!--
Author: Peter Eisentraut <peter@eisentraut.org>
Branch: master [b9c130a1f] 2020-01-06 08:40:00 +0100
Branch: REL_12_STABLE [8c2bfd9f9] 2020-01-06 10:43:55 +0100
@ -768,6 +792,24 @@ Branch: REL9_4_STABLE [56c06999d] 2019-11-13 11:35:37 -0500
<listitem>
<!--
Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
Branch: master [8fa8e0115] 2020-02-10 12:14:58 -0300
Branch: REL_12_STABLE [87d014da9] 2020-02-10 12:14:58 -0300
Branch: REL_11_STABLE [ca902add6] 2020-02-10 12:14:58 -0300
Branch: REL_10_STABLE [163161723] 2020-02-10 12:14:58 -0300
Branch: REL9_6_STABLE [5575fc208] 2020-02-10 12:14:58 -0300
Branch: REL9_5_STABLE [1b2ae4bcd] 2020-02-10 12:16:40 -0300
Branch: REL9_4_STABLE [6f1e443a6] 2020-02-10 12:14:58 -0300
-->
<para>
Apply more thorough syntax checking
to <application>createuser</application>'s
<option>--connection-limit</option> option (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<!--
Author: Tom Lane <tgl@sss.pgh.pa.us>
Branch: master [215824f91] 2020-01-26 14:31:08 -0500
Branch: REL_12_STABLE [7294f99a0] 2020-01-26 14:31:08 -0500