From 4908df4a609aa1f2b3def968fe5b94a74cfde214 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 5 Aug 2019 11:49:14 -0400 Subject: [PATCH] Last-minute updates for release notes. Security: CVE-2019-10208, CVE-2019-10209 --- doc/src/sgml/release-9.4.sgml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml index 8fde65b27fd..36ef9009e67 100644 --- a/doc/src/sgml/release-9.4.sgml +++ b/doc/src/sgml/release-9.4.sgml @@ -41,6 +41,36 @@ + + Require schema qualification to cast to a temporary type when using + functional cast syntax (Noah Misch) + + + + We have long required invocations of temporary functions to + explicitly specify the temporary schema, that + is pg_temp.func_name(args). + Require this as well for casting to temporary types using functional + notation, for + example pg_temp.type_name(arg). + Otherwise it's possible to capture a function call using a temporary + object, allowing privilege escalation in much the same ways that we + blocked in CVE-2007-2138. + (CVE-2019-10208) + + + + +