Re: Fwd: Problem with a "complex" upsert
| От | Mario de Frutos Dieguez |
|---|---|
| Тема | Re: Fwd: Problem with a "complex" upsert |
| Дата | |
| Msg-id | CADc-R5g36yxw2=ALb0KMC3p6hF=VCCrdq=srWB7fL+0xNwt+1Q@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Fwd: Problem with a "complex" upsert (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-bugs |
Wow glad to have discovered it by chance! Great news to have it fixed :)))) 2018-08-06 18:41 GMT+02:00 Tom Lane <tgl@sss.pgh.pa.us>: > I wrote: >> Attached is our finished patch against HEAD. This is pretty much all >> Dean's work, but I'm posting it on his behalf because it's late in the UK >> and he's gone offline for the day. In the interests of getting a >> full set of buildfarm testing on the patch before Monday's wrap deadline, >> I'm going to finish up back-porting the patch and push it tonight. > > Final(?) note on this thread --- the security team realized over the > weekend that this bug constitutes a security issue, because you can do > more than crash the server. We don't normally consider simple crashes > as being CVE-worthy problems, but in this case, there's potential for > datatype confusion, which can be leveraged to allow disclosure of server > memory (as we've seen in other bugs before). We also realized that it's > possible to update a column you supposedly don't have privilege to update, > as long as there's some other column you do. > > We've retroactively obtained a CVE number and will be describing this as > a security problem in the release notes. > > regards, tom lane >
В списке pgsql-bugs по дате отправления: