The description of CVE-2023-5870 mentions pg_cancel_backend role instead
of pg_signal_backend. [1]
The release notes at this place are correct.
1. https://www.postgresql.org/support/security/CVE-2023-5870/
P.S. I'm not sure if this is the right list for such reporting.
--
Pavel Luzanov
Postgres Professional: https://postgrespro.com
On 11/12/23 6:24 AM, Pavel Luzanov wrote:
> The description of CVE-2023-5870 mentions pg_cancel_backend role instead
> of pg_signal_backend. [1]
>
> The release notes at this place are correct.
>
> 1. https://www.postgresql.org/support/security/CVE-2023-5870/
Fixed in the appropriate places. I believe I copied the text incorrectly
from the CVE filing, so I'll work with upstream to correct that too.
Thanks for reporting!
Jonathan