"Ken Ashcraft" <ken@coverity.com> writes:
>> ... thus opening up the problem to anyone who can get past the
>> initial postmaster authentication check. So this is more severe than we
>> first thought.
> Great. Thanks for the feedback. If it is serious, is an advisory in order?
No, we'll just push out the fix as part of the next update version
(though that may happen a little sooner than it would have otherwise).
Sensible people don't give direct database connections to untrustworthy
users in the first place, since there are so many ways you can cause
problems if you can issue random SQL commands ...
regards, tom lane