Log Message: ----------- Fix bug that allowed any logged-in user to SET ROLE to any other database user id (CVE-2006-0553). Also fix related bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash the server, if it has been compiled with Asserts enabled. The escalation-of-privilege risk exists only in 8.1.0-8.1.2. However, the Assert-crash risk exists in all releases back to 7.3. Thanks to Akio Ishida for reporting this problem. Modified Files: -------------- pgsql/src/backend/commands: variable.c (r1.115 -> r1.116) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/variable.c.diff?r1=1.115&r2=1.116) pgsql/src/backend/utils/mb: encnames.c (r1.27 -> r1.28) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/mb/encnames.c.diff?r1=1.27&r2=1.28) pgsql/src/backend/utils/misc: guc.c (r1.310 -> r1.311) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/misc/guc.c.diff?r1=1.310&r2=1.311) pgsql/src/include/utils: guc_tables.h (r1.20 -> r1.21) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/guc_tables.h.diff?r1=1.20&r2=1.21)
pgsql-committers by date:
Соглашаюсь с условиями обработки персональных данных