Last-minute updates for release notes.

Security: CVE-2020-1720
Tom Lane 2020-02-10 12:51:07 -05:00
parent ca902add69
commit f1a336887e

@ -36,6 +36,30 @@
<listitem> <listitem>
<!-- <!--
Author: Alvaro Herrera <alvherre@alvh.no-ip.org> Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
Branch: master [b048f558d] 2020-02-10 11:47:09 -0300
Branch: REL_12_STABLE [2ad125322] 2020-02-10 11:47:09 -0300
Branch: REL_11_STABLE [bdd19e48a] 2020-02-10 11:47:09 -0300
Branch: REL_10_STABLE [ac1a998ed] 2020-02-10 11:47:09 -0300
Branch: REL9_6_STABLE [e8b8eb937] 2020-02-10 12:06:25 -0300
-->
<para>
Add missing permissions checks for <command>ALTER ... DEPENDS ON
EXTENSION</command> (&Aacute;lvaro Herrera)
</para>
<para>
Marking an object as dependent on an extension did not have any
privilege check whatsoever. This oversight allowed any user to mark
routines, triggers, materialized views, or indexes as droppable by
anyone able to drop an extension. Require that the calling user own
the specified object (and hence have privilege to drop it).
(CVE-2020-1720)
</para>
</listitem>
<listitem>
<!--
Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
Branch: master [1fa846f1c] 2020-01-02 17:04:24 -0300 Branch: master [1fa846f1c] 2020-01-02 17:04:24 -0300
Branch: REL_12_STABLE [d73214839] 2020-01-02 17:04:24 -0300 Branch: REL_12_STABLE [d73214839] 2020-01-02 17:04:24 -0300
Branch: REL_11_STABLE [adc9cb6f2] 2020-01-02 17:04:24 -0300 Branch: REL_11_STABLE [adc9cb6f2] 2020-01-02 17:04:24 -0300
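
Review bot: The second paragraph of the new CVE-2020-1720 entry says what was missing and what the command now requires ("Require that the calling user own the specified object"), but it does not say what happens to dependencies that were recorded before the update. Since the text states that any user could mark routines, triggers, materialized views, or indexes this way, consider adding a sentence telling administrators whether existing markings are left in place and need to be reviewed after upgrading. A smaller wording point in the same paragraph: "anyone able to drop an extension" would be more precise as "anyone able to drop the extension the object was marked as depending on".
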
@ -925,6 +949,24 @@ Branch: REL9_4_STABLE [56c06999d] 2019-11-13 11:35:37 -0500
<listitem> <listitem>
<!-- <!--
Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
Branch: master [8fa8e0115] 2020-02-10 12:14:58 -0300
Branch: REL_12_STABLE [87d014da9] 2020-02-10 12:14:58 -0300
Branch: REL_11_STABLE [ca902add6] 2020-02-10 12:14:58 -0300
Branch: REL_10_STABLE [163161723] 2020-02-10 12:14:58 -0300
Branch: REL9_6_STABLE [5575fc208] 2020-02-10 12:14:58 -0300
Branch: REL9_5_STABLE [1b2ae4bcd] 2020-02-10 12:16:40 -0300
Branch: REL9_4_STABLE [6f1e443a6] 2020-02-10 12:14:58 -0300
-->
<para>
Apply more thorough syntax checking
to <application>createuser</application>'s
<option>--connection-limit</option> option (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<!--
Author: Tom Lane <tgl@sss.pgh.pa.us> Author: Tom Lane <tgl@sss.pgh.pa.us>
Branch: master [4ba4bfaf2] 2019-12-26 15:19:39 -0500 Branch: master [4ba4bfaf2] 2019-12-26 15:19:39 -0500
Branch: REL_12_STABLE [883c27a1c] 2019-12-26 15:19:39 -0500 Branch: REL_12_STABLE [883c27a1c] 2019-12-26 15:19:39 -0500
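
Review bot: The new createuser entry ("Apply more thorough syntax checking to createuser's --connection-limit option") is too vague for a reader to tell whether they are affected: it names the option but not what kind of input used to be accepted or what the tool does with it now. Suggest one more sentence describing the previously accepted bad input and the new behaviour, in the same style as the explanatory paragraph in the ALTER ... DEPENDS ON EXTENSION entry. Also note that this entry is unrelated to the CVE named in the commit message, so it may be worth a brief mention there that the commit touches a non-security item as well.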