| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | abcxiaod(at)126(dot)com, PostgreSQL mailing lists <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: BUG #16448: Remote code execution vulnerability |
| Date: | 2020-05-18 14:22:56 |
| Message-ID: | CAKFQuwaSYf+upv63s3VuP49ZoPDUOmH_PNY7JSTWL-SNtocvbQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Mon, May 18, 2020 at 2:41 AM PG Bug reporting form <
noreply(at)postgresql(dot)org> wrote:
> The following bug has been logged on the website:
>
> Bug reference: 16448
> Logged by: yi Ding
> Email address: abcxiaod(at)126(dot)com
> PostgreSQL version: 10.12
> Operating system: linux
> Description:
>
> A common user created a function in the public space and added some
> malicious codes in the function, when other users with superuser rights
> call
> this function, the malicious code will be executed , so as to achieve the
> purpose of remote malicious code execution.
>
The project respectfully requests that security related concerns be
reported to the security list as opposed to the public bug report listing.
https://www.postgresql.org/support/
security(at)postgresql(dot)org
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2020-05-18 14:57:26 | Re: BUG #16441: Cannot multi-insert into generated column with DEFAULT value |
| Previous Message | Heikki Linnakangas | 2020-05-18 09:49:51 | Re: BUG #16448: Remote code execution vulnerability |