database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-17 06:41:09 +03:00
Code Activity

Fix markup.

Browse Source 
Security: CVE-2007-2138
This commit is contained in:
Tom Lane
2007-04-20 03:27:34 +00:00
parent e05d9875b2
commit ce8a3e6c88
1 changed files with 6 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
doc/src/sgml/release.sgml
View File

@ -1,4 +1,4 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.488.2.9 2007/04/20 02:37:48 tgl Exp $ -->
<!-- $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.488.2.10 2007/04/20 03:27:34 tgl Exp $ -->
<!--
Typical markup:
@ -73,8 +73,7 @@ do it for earlier branch release files.
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>
@ -3106,8 +3105,7 @@ do it for earlier branch release files.
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>
@ -6146,8 +6144,7 @@ psql -t -f fixseq.sql db1 | psql -e db1
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>
@ -9656,8 +9653,7 @@ typedefs (Michael)</para></listitem>
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>
@ -12843,8 +12839,7 @@ DROP SCHEMA information_schema CASCADE;
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>