projects / postgresql.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 87d014d)
Last-minute updates for release notes.
authorTom Lane
Mon, 10 Feb 2020 17:51:07 +0000 (12:51 -0500)
committerTom Lane
Mon, 10 Feb 2020 17:51:07 +0000 (12:51 -0500)
Security: CVE-2020-1720

doc/src/sgml/release-12.sgml patch | blob | blame | history

diff --git a/doc/src/sgml/release-12.sgml b/doc/src/sgml/release-12.sgml
index 79548ed83c539e459e3665237541e6ea503fb3b8..cadbbfd3de3fcafd76f6bcdafd4c85657270323f 100644 (file)
--- a/doc/src/sgml/release-12.sgml
+++ b/doc/src/sgml/release-12.sgml
@@ -37,6 +37,30 @@
     
 
+     
+      Add missing permissions checks for ALTER ... DEPENDS ON
+      EXTENSION (Álvaro Herrera)
+     
+
+     
+      Marking an object as dependent on an extension did not have any
+      privilege check whatsoever.  This oversight allowed any user to mark
+      routines, triggers, materialized views, or indexes as droppable by
+      anyone able to drop an extension.  Require that the calling user own
+      the specified object (and hence have privilege to drop it).
+      (CVE-2020-1720)
+     
+    
+
+    
+
@@ -1201,6 +1225,24 @@ Branch: REL9_4_STABLE [56c06999d] 2019-11-13 11:35:37 -0500
 
     
 
+     
+      Apply more thorough syntax checking
+      to createuser's
+       option (Álvaro Herrera)
+     
+    
+
+    
+