From: Tom Lane Date: Mon, 5 Aug 2019 15:49:14 +0000 (-0400) Subject: Last-minute updates for release notes. X-Git-Tag: REL9_4_24~1 X-Git-Url: http://git.postgresql.org/gitweb/?a=commitdiff_plain;h=4908df4a609aa1f2b3def968fe5b94a74cfde214;p=postgresql.git Last-minute updates for release notes. Security: CVE-2019-10208, CVE-2019-10209 --- diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml index 8fde65b27fd..36ef9009e67 100644 --- a/doc/src/sgml/release-9.4.sgml +++ b/doc/src/sgml/release-9.4.sgml @@ -41,6 +41,36 @@ + + Require schema qualification to cast to a temporary type when using + functional cast syntax (Noah Misch) + + + + We have long required invocations of temporary functions to + explicitly specify the temporary schema, that + is pg_temp.func_name(args). + Require this as well for casting to temporary types using functional + notation, for + example pg_temp.type_name(arg). + Otherwise it's possible to capture a function call using a temporary + object, allowing privilege escalation in much the same ways that we + blocked in CVE-2007-2138. + (CVE-2019-10208) + + + + +
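Review bot: The paragraph added to release-9.4.sgml for CVE-2019-10208 states the new requirement but not what users must change. Existing code that casts to a temporary type with unqualified functional notation, type_name(arg), no longer resolves to the temporary type, so the entry should say outright that such calls have to be rewritten as pg_temp.type_name(arg). Because the entry's title limits the change to "functional cast syntax", it would also help to add one sentence on whether other cast spellings are affected, so readers know what to audit. As a wording point, "in much the same ways that we blocked in CVE-2007-2138" reads as if the CVE itself were blocked; "that we blocked in response to CVE-2007-2138" would be clearer. Finally, the commit message cites both CVE-2019-10208 and CVE-2019-10209, but only the CVE-2019-10208 entry is visible in this text, so confirm that each identifier in the message has its own release-note entry.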