database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-08-09 17:03:00 +03:00
Code Activity

Fix markup.

Browse Source 
Security: CVE-2007-2138
This commit is contained in:
Tom Lane
2007-04-20 03:27:54 +00:00
parent 566331a2e9
commit cfe1b04c66
1 changed files with 4 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
doc/src/sgml/release.sgml
View File

@@ -1,5 +1,5 @@
<!--
$PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.321.4.35 2007/04/20 02:38:31 tgl Exp $
$PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.321.4.36 2007/04/20 03:27:54 tgl Exp $
-->
<appendix id="release">
@@ -45,8 +45,7 @@ $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.321.4.35 2007/04/20 02:38:31 tg
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>
@@ -3554,8 +3553,7 @@ typedefs (Michael)</para></listitem>
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>
@@ -6739,8 +6737,7 @@ DROP SCHEMA information_schema CASCADE;
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>