mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-10-06 15:37:01 +02:00
Last-minute updates for release notes.
Security: CVE-2021-3393, CVE-2021-20229
This commit is contained in:
parent
cb5868cc1b
commit
934b850847
@ -23,7 +23,7 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
However, see the first changelog item below,
|
||||
However, see the second changelog item below,
|
||||
which describes cases in which reindexing indexes after the upgrade
|
||||
may be advisable.
|
||||
</para>
|
||||
@ -41,6 +41,30 @@
|
||||
|
||||
<listitem>
|
||||
<!--
|
||||
Author: Heikki Linnakangas <heikki.linnakangas@iki.fi>
|
||||
Branch: master [6214e2b22] 2021-02-08 11:01:51 +0200
|
||||
Branch: REL_13_STABLE [8e56684d5] 2021-02-08 11:01:55 +0200
|
||||
Branch: REL_12_STABLE [f50e88899] 2021-02-08 11:01:55 +0200
|
||||
Branch: REL_11_STABLE [cb5868cc1] 2021-02-08 11:01:55 +0200
|
||||
-->
|
||||
<para>
|
||||
Fix information leakage in constraint-violation error messages
|
||||
(Heikki Linnakangas)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If an <command>UPDATE</command> command attempts to move a row to a
|
||||
different partition but finds that it violates some constraint on
|
||||
the new partition, and the columns in that partition are in
|
||||
different physical positions than in the parent table, the error
|
||||
message could reveal the contents of columns that the user does not
|
||||
have <literal>SELECT</literal> privilege on.
|
||||
(CVE-2021-3393)
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<!--
|
||||
Author: Noah Misch <noah@leadboat.com>
|
||||
Branch: master [8a54e12a3] 2021-01-30 00:00:27 -0800
|
||||
Branch: REL_13_STABLE [86a5b309c] 2021-01-30 00:00:42 -0800
|
||||
|
Loading…
Reference in New Issue
Block a user