database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-31 22:04:40 +03:00
Code Activity

Fix markup.

Browse Source 
Security: CVE-2007-2138
This commit is contained in:
Tom Lane
2007-04-20 03:28:05 +00:00
parent 8294203637
commit 9903eaf7a1
1 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
doc/src/sgml/release.sgml
View File

@ -1,5 +1,5 @@
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.235.2.53 2007/04/20 02:38:44 tgl Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.235.2.54 2007/04/20 03:28:05 tgl Exp $
--> -->
<appendix id="release"> <appendix id="release">
@ -45,8 +45,7 @@ $Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.235.2.53 2007/04/20 02:38:
truly secure value of <varname>search_path</>. Without it, truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138). with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction" See <command>CREATE FUNCTION</> for more information.
endterm="sql-createfunction-title"> for more information.
</para> </para>
</listitem> </listitem>
@ -3230,8 +3229,7 @@ DROP SCHEMA information_schema CASCADE;
truly secure value of <varname>search_path</>. Without it, truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138). with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction" See <command>CREATE FUNCTION</> for more information.
endterm="sql-createfunction-title"> for more information.
</para> </para>
</listitem> </listitem>