8000 Last-minute updates for release notes. · tinyms/postgres@f1a3368 · GitHub
[go: up one dir, main page]
Skip to content

Commit f1a3368

Browse files
tglsfdctglsfdc
committed
Last-minute updates for release notes.
Security: CVE-2020-1720
1 parent ca902ad commit f1a3368

File tree

1 file changed

+42
-0
lines changed

1 file changed

+42
-0
lines changed

doc/src/sgml/release-11.sgml

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,30 @@
3636
<listitem>
3737
<!--
3838
Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
39+
Branch: master [b048f558d] 2020-02-10 11:47:09 -0300
40+
Branch: REL_12_STABLE [2ad125322] 2020-02-10 11:47:09 -0300
41+
Branch: REL_11_STABLE [bdd19e48a] 2020-02-10 11:47:09 -0300
42+
Branch: REL_10_STABLE [ac1a998ed] 2020-02-10 11:47:09 -0300
43+
Branch: REL9_6_STABLE [e8b8eb937] 2020-02-10 12:06:25 -0300
44+
-->
45+
<para>
46+
Add missing permissions checks for <command>ALTER ... DEPENDS ON
47+
EXTENSION</command> (&Aacute;lvaro Herrera)
48+
</para>
49+
50+
<para>
51+
Marking an object as dependent on an extension did not have any
52+
privilege check whatsoever. This oversight allowed any user to mark
53+
routines, triggers, materialized views, or indexes as droppable by
54+
anyone able to drop an extension. Require that the calling user own
55+
the specified object (and hence have privilege to drop it).
56+
(CVE-2020-1720)
57+
</para>
58+
</listitem>
59+
60+
<listitem>
61+
<!--
62+
Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
3963
Branch: master [1fa846f1c] 2020-01-02 17:04:24 -0300
4064
Branch: REL_12_STABLE [d73214839] 2020-01-02 17:04:24 -0300
4165
Branch: REL_11_STABLE [adc9cb6f2] 2020-01-02 17:04:24 -0300
@@ -925,6 +949,24 @@ Branch: REL9_4_STABLE [56c06999d] 2019-11-13 11:35:37 -0500
925949

926950
<listitem>
927951
<!--
952+
Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
953+
Branch: master [8fa8e0115] 2020-02-10 12:14:58 -0300
954+
Branch: REL_12_STABLE [87d014da9] 2020-02-10 12:14:58 -0300
955+
Branch: REL_11_STABLE [ca902add6] 2020-02-10 12:14:58 -0300
956+
Branch: REL_10_STABLE [163161723] 2020-02-10 12:14:58 -0300
957+
Branch: REL9_6_STABLE [5575fc208] 2020-02-10 12:14:58 -0300
958+
Branch: REL9_5_STABLE [1b2ae4bcd] 2020-02-10 12:16:40 -0300
959+
Branch: REL9_4_STABLE [6f1e443a6] 2020-02-10 12:14:58 -0300
960+
-->
961+
<para>
962+
Apply more thorough syntax checking
963+
to <application>createuser</application>'s
964+
<option>--connection-limit</option> option (&Aacute;lvaro Herrera)
965+
</para>
966+
</listitem>
967+
968+
<listitem>
969+
<!--
928970
Author: Tom Lane <tgl@sss.pgh.pa.us>
929971
Branch: master [4ba4bfaf2] 2019-12-26 15:19:39 -0500
930972
Branch: REL_12_STABLE [883c27a1c] 2019-12-26 15:19:39 -0500

0 commit comments

Comments
 (0)
0