Skip site navigation (1) Skip section navigation (2)

pgsql: Fix bug in SET SESSION AUTHORIZATION that allows unprivileged

From: tgl(at)postgresql(dot)org (Tom Lane)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Fix bug in SET SESSION AUTHORIZATION that allows unprivileged
Date: 2006-02-12 22:33:14
Message-ID: 20060212223314.B563D9DC8AC@postgresql.org (view raw or flat)
Thread:
Lists: pgsql-committers
Log Message:
-----------
Fix bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash
the server, if it has been compiled with Asserts enabled (CVE-2006-0553).
Thanks to Akio Ishida for reporting this problem.

Tags:
----
REL8_0_STABLE

Modified Files:
--------------
    pgsql/src/backend/commands:
        variable.c (r1.105.4.2 -> r1.105.4.3)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/variable.c.diff?r1=1.105.4.2&r2=1.105.4.3)
    pgsql/src/backend/utils/mb:
        encnames.c (r1.22 -> r1.22.4.1)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/mb/encnames.c.diff?r1=1.22&r2=1.22.4.1)
    pgsql/src/backend/utils/misc:
        guc.c (r1.252.4.2 -> r1.252.4.3)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/misc/guc.c.diff?r1=1.252.4.2&r2=1.252.4.3)
    pgsql/src/include/utils:
        guc_tables.h (r1.19 -> r1.19.4.1)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/guc_tables.h.diff?r1=1.19&r2=1.19.4.1)

pgsql-committers by date

Next:From: Tom LaneDate: 2006-02-12 22:33:29
Subject: pgsql: Fix bug in SET SESSION AUTHORIZATION that allows unprivileged
Previous:From: Tom LaneDate: 2006-02-12 22:32:57
Subject: pgsql: Fix bug that allowed any logged-in user to SET ROLE to any other

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group