rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix markup. 

Security: CVE-2007-2138
This commit is contained in:
Tom Lane 2007-04-20 03:27:23 +00:00
parent aa27977fe2
commit 23c8b0ccc6
1 changed files with 6 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
doc/src/sgml/release.sgml
View File

@ -1,4 +1,4 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.501 2007/04/20 02:37:37 tgl Exp $ -->
<!-- $PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.502 2007/04/20 03:27:23 tgl Exp $ -->
<!--
Typical markup:
@ -73,8 +73,7 @@ do it for earlier branch release files.
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>
@ -3106,8 +3105,7 @@ do it for earlier branch release files.
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>
@ -6146,8 +6144,7 @@ psql -t -f fixseq.sql db1 | psql -e db1
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>
@ -9656,8 +9653,7 @@ typedefs (Michael)</para></listitem>
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>
@ -12843,8 +12839,7 @@ DROP SCHEMA information_schema CASCADE;
truly secure value of <varname>search_path</>. Without it,
an unprivileged SQL user can use temporary objects to execute code
with the privileges of the security-definer function (CVE-2007-2138).
See <xref linkend="sql-createfunction"
endterm="sql-createfunction-title"> for more information.
See <command>CREATE FUNCTION</> for more information.
</para>
</listitem>