Re: Fwd: Problem with a "complex" upsert - Mailing list pgsql-bugs

From Tom Lane
Subject Re: Fwd: Problem with a "complex" upsert
Date
Msg-id 22577.1533573681@sss.pgh.pa.us
In response to Re: Fwd: Problem with a "complex" upsert  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Fwd: Problem with a "complex" upsert  (Mario de Frutos Dieguez <mariodefrutos@gmail.com>)
List pgsql-bugs
I wrote:
> Attached is our finished patch against HEAD.  This is pretty much all
> Dean's work, but I'm posting it on his behalf because it's late in the UK
> and he's gone offline for the day.  In the interests of getting a
> full set of buildfarm testing on the patch before Monday's wrap deadline,
> I'm going to finish up back-porting the patch and push it tonight.

Final(?) note on this thread --- the security team realized over the
weekend that this bug constitutes a security issue, because you can do
more than crash the server.  We don't normally consider simple crashes
as being CVE-worthy problems, but in this case, there's potential for
datatype confusion, which can be leveraged to allow disclosure of server
memory (as we've seen in other bugs before).  We also realized that it's
possible to update a column you supposedly don't have privilege to update,
as long as there's some other column you do.

We've retroactively obtained a CVE number and will be describing this as
a security problem in the release notes.

            regards, tom lane

