
Commit 1eaeb02

Last-minute updates for release notes.
Security: CVE-2018-16850
1 parent dc3e436 commit 1eaeb02


2 files changed

+84
-22
lines changed


doc/src/sgml/release-10.sgml

Lines changed: 33 additions & 8 deletions
@@ -38,6 +38,20 @@
3838

3939
<itemizedlist>
4040

41+
<listitem>
42+
<para>
43+
Ensure proper quoting of transition table names
44+
when <application>pg_dump</application> emits <command>CREATE TRIGGER
45+
... REFERENCING</command> commands (Tom Lane)
46+
</para>
47+
48+
<para>
49+
This oversight could be exploited by an unprivileged user to gain
50+
superuser privileges during the next dump/reload
51+
or <application>pg_upgrade</application> run. (CVE-2018-16850)
52+
</para>
53+
</listitem>
54+
4155
<listitem>
4256
<!--
4357
Author: Tom Lane <tgl@sss.pgh.pa.us>
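Review bot: The CVE-2018-16850 entry added at the top of this list (new lines 41-53) has no Author/Branch source comment, while the entry that follows it opens with one and the release-11.sgml copy of this same item carries the Tom Lane commit references. Consider carrying that comment over here as well, so the security entry can be traced to its commits from this file too.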
@@ -202,6 +216,25 @@ Branch: REL9_3_STABLE [591d0ac88] 2018-09-15 13:42:34 -0400
202216
</para>
203217
</listitem>
204218

219+
<listitem>
220+
<para>
221+
Prevent creation of a partition in a trigger attached to its parent
222+
table (Amit Langote)
223+
</para>
224+
225+
<para>
226+
Ideally we'd allow that, but for the moment it has to be blocked to
227+
avoid crashes.
228+
</para>
229+
</listitem>
230+
231+
<listitem>
232+
<para>
233+
Fix problems with applying <literal>ON COMMIT DELETE ROWS</literal> to
234+
a partitioned temporary table (Amit Langote)
235+
</para>
236+
</listitem>
237+
205238
<listitem>
206239
<para>
207240
Fix character-class checks to not fail on Windows for Unicode
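Review bot: In the partition entry (new lines 225-228), "it has to be blocked to avoid crashes" does not say what a user who attempts this now gets. Suggest stating the user-visible outcome in the second paragraph, so that readers can tell the new behaviour apart from the crash it replaces.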
@@ -899,14 +932,6 @@ Branch: REL_10_STABLE [cb282eab1] 2018-08-22 14:23:03 +0900
899932
</para>
900933
</listitem>
901934

902-
<listitem>
903-
<para>
904-
Ensure proper quoting of transition table names
905-
when <application>pg_dump</application> emits <command>CREATE TRIGGER
906-
... REFERENCING</command> commands (Tom Lane)
907-
</para>
908-
</listitem>
909-
910935
<listitem>
911936
<!--
912937
Author: Tom Lane <tgl@sss.pgh.pa.us>

doc/src/sgml/release-11.sgml

Lines changed: 51 additions & 14 deletions
@@ -35,6 +35,26 @@
3535

3636
<listitem>
3737
<!--
38+
Author: Tom Lane <tgl@sss.pgh.pa.us>
39+
Branch: master [350410be4] 2018-10-19 00:50:16 -0400
40+
Branch: REL_11_STABLE [06292bb94] 2018-10-19 00:50:16 -0400
41+
Branch: REL_10_STABLE [09397f0ed] 2018-10-19 00:50:17 -0400
42+
-->
43+
<para>
44+
Ensure proper quoting of transition table names
45+
when <application>pg_dump</application> emits <command>CREATE TRIGGER
46+
... REFERENCING</command> commands (Tom Lane)
47+
</para>
48+
49+
<para>
50+
This oversight could be exploited by an unprivileged user to gain
51+
superuser privileges during the next dump/reload
52+
or <application>pg_upgrade</application> run. (CVE-2018-16850)
53+
</para>
54+
</listitem>
55+
56+
<listitem>
57+
<!--
3858
Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
3959
Branch: master [dfa608141] 2018-11-03 13:25:19 -0300
4060
Branch: REL_11_STABLE [33e6c34c3] 2018-11-03 13:25:29 -0300
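Review bot: The security paragraph (new lines 49-53) names the impact but gives the administrator no action to take. Since the first paragraph places the fix in what pg_dump emits, it would help to say whether dump files produced before this update need to be regenerated with the fixed pg_dump before they are reloaded. The same applies to the identical paragraph in release-10.sgml.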
@@ -132,6 +152,37 @@ Branch: REL_11_STABLE [6eb31cedb] 2018-11-03 16:00:00 -0700
132152

133153
<listitem>
134154
<!--
155+
Author: Michael Paquier <michael@paquier.xyz>
156+
Branch: master [dc3e436b1] 2018-11-05 11:04:02 +0900
157+
Branch: REL_11_STABLE [7c222d5e5] 2018-11-05 11:04:14 +0900
158+
Branch: REL_10_STABLE [8aad248f7] 2018-11-05 11:04:20 +0900
159+
-->
160+
<para>
161+
Prevent creation of a partition in a trigger attached to its parent
162+
table (Amit Langote)
163+
</para>
164+
165+
<para>
166+
Ideally we'd allow that, but for the moment it has to be blocked to
167+
avoid crashes.
168+
</para>
169+
</listitem>
170+
171+
<listitem>
172+
<!--
173+
Author: Michael Paquier <michael@paquier.xyz>
174+
Branch: master [4bc772e2a] 2018-11-05 09:14:33 +0900
175+
Branch: REL_11_STABLE [948af5232] 2018-11-05 09:15:08 +0900
176+
Branch: REL_10_STABLE [70c38e708] 2018-11-05 09:15:25 +0900
177+
-->
178+
<para>
179+
Fix problems with applying <literal>ON COMMIT DELETE ROWS</literal> to
180+
a partitioned temporary table (Amit Langote)
181+
</para>
182+
</listitem>
183+
184+
<listitem>
185+
<!--
135186
Author: Tom Lane <tgl@sss.pgh.pa.us>
136187
Branch: master [981dc2baa] 2018-11-03 13:56:10 -0400
137188
Branch: REL_11_STABLE [bf4a9562e] 2018-11-03 13:56:10 -0400
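Review bot: The ON COMMIT DELETE ROWS entry (new lines 178-181) says only "Fix problems with applying", which does not let a reader judge whether they were affected. Suggest naming the symptom, as the partition entry just above it does by mentioning crashes.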
@@ -233,20 +284,6 @@ Branch: REL9_5_STABLE [ac3be116a] 2018-10-19 22:22:57 -0400
233284

234285
<listitem>
235286
<!--
236-
Author: Tom Lane <tgl@sss.pgh.pa.us>
237-
Branch: master [350410be4] 2018-10-19 00:50:16 -0400
238-
Branch: REL_11_STABLE [06292bb94] 2018-10-19 00:50:16 -0400
239-
Branch: REL_10_STABLE [09397f0ed] 2018-10-19 00:50:17 -0400
240-
-->
241-
<para>
242-
Ensure proper quoting of transition table names
243-
when <application>pg_dump</application> emits <command>CREATE TRIGGER
244-
... REFERENCING</command> commands (Tom Lane)
245-
</para>
246-
</listitem>
247-
248-
<listitem>
249-
<!--
250287
Author: Michael Paquier <michael@paquier.xyz>
251288
Branch: master [d55241af7] 2018-10-19 22:44:12 +0900
252289
Branch: REL_11_STABLE [cc7f27eae] 2018-10-19 22:45:07 +0900
