From 3354bd5e2ba921d8267dbd6cac90b491a4f27cae Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Mon, 5 Aug 2019 11:49:14 -0400
Subject: Last-minute updates for release notes.
Security: CVE-2019-10208, CVE-2019-10209
---
doc/src/sgml/release-9.6.sgml | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
(limited to 'doc/src')
diff --git a/doc/src/sgml/release-9.6.sgml b/doc/src/sgml/release-9.6.sgml
index bd3a024c312..549f9245f03 100644
--- a/doc/src/sgml/release-9.6.sgml
+++ b/doc/src/sgml/release-9.6.sgml
@@ -35,6 +35,36 @@
+
+ Require schema qualification to cast to a temporary type when using
+ functional cast syntax (Noah Misch)
+
+
+
+ We have long required invocations of temporary functions to
+ explicitly specify the temporary schema, that
+ is pg_temp.func_name(args).
+ Require this as well for casting to temporary types using functional
+ notation, for
+ example pg_temp.type_name(arg).
+ Otherwise it's possible to capture a function call using a temporary
+ object, allowing privilege escalation in much the same ways that we
+ blocked in CVE-2007-2138.
+ (CVE-2019-10208)
+
+
+
+
+
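Review bot: The new entry does not tell a reader what happens to an existing unqualified call after the update. At "Require this as well for casting to temporary types using functional notation", it only shows the accepted form pg_temp.type_name(arg). It does not say whether an unqualified type_name(arg) naming a temporary type now fails or resolves to something else, and it does not say whether the other cast syntaxes are affected. Suggest adding one sentence on the user-visible behaviour change, so that people with scripts that cast to temporary types know what to look for. Two smaller points: "in much the same ways that we blocked in CVE-2007-2138" would read more clearly as a reference to the earlier fix rather than to the CVE itself, and the Security: line names CVE-2019-10209 as well, while the lines visible here cite only CVE-2019-10208, so it is worth confirming that the second entry carries its CVE tag too.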