89e0bac86d
pg_dump was incautious about sanitizing object names that are emitted within SQL comments in its output script. A name containing a newline would at least render the script syntactically incorrect. Maliciously crafted object names could present a SQL injection risk when the script is reloaded. Reported by Heikki Linnakangas, patch by Robert Haas Security: CVE-2012-0868 |
||
---|---|---|
.. | ||
initdb | ||
pg_basebackup | ||
pg_config | ||
pg_controldata | ||
pg_ctl | ||
pg_dump | ||
pg_resetxlog | ||
pgevent | ||
psql | ||
scripts | ||
Makefile |