From da21a3a7d5d37e34f2adef07b1f2f6231d61c3cc Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Mon, 5 Feb 2024 11:51:11 -0500
Subject: Last-minute updates for release notes.

Security: CVE-2024-0985 (not CVE-2023-5869 as claimed in prior commit msg)
---
 doc/src/sgml/release-16.sgml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

(limited to 'doc/src')
diff --git a/doc/src/sgml/release-16.sgml b/doc/src/sgml/release-16.sgml
index a380b7d4fad..fa6dae79b9f 100644
--- a/doc/src/sgml/release-16.sgml
+++ b/doc/src/sgml/release-16.sgml
@@ -41,6 +41,50 @@
 
     <listitem>
 <!--
+Author: Heikki Linnakangas <heikki.linnakangas@iki.fi>
+Branch: master [5a9167c39] 2024-02-05 11:01:23 +0200
+Branch: REL_16_STABLE [d6a61cb3b] 2024-02-05 11:02:56 +0200
+Branch: REL_15_STABLE [f2fdea198] 2024-02-05 11:03:26 +0200
+Branch: REL_14_STABLE [f4f288352] 2024-02-05 11:03:43 +0200
+Branch: REL_13_STABLE [d541ce3b6] 2024-02-05 11:04:08 +0200
+Branch: REL_12_STABLE [2699fc035] 2024-02-05 11:04:22 +0200
+Branch: master [b96115acb] 2024-02-05 11:01:30 +0200
+Branch: REL_16_STABLE [fb3836855] 2024-02-05 11:03:03 +0200
+Branch: REL_15_STABLE [06f36bc01] 2024-02-05 11:03:28 +0200
+Branch: REL_14_STABLE [a45c950ae] 2024-02-05 11:03:43 +0200
+Branch: REL_13_STABLE [b73d21648] 2024-02-05 11:04:10 +0200
+Branch: REL_12_STABLE [add8bc9b8] 2024-02-05 11:04:23 +0200
+-->
+     <para>
+      Tighten security restrictions within <command>REFRESH MATERIALIZED
+      VIEW CONCURRENTLY</command> (Heikki Linnakangas)
+     </para>
+
+     <para>
+      One step of a concurrent refresh command was run under weak security
+      restrictions.  If a materialized view's owner could persuade a
+      superuser or other high-privileged user to perform a concurrent
+      refresh on that view, the view's owner could control code executed
+      with the privileges of the user running <command>REFRESH</command>.
+      Fix things so that all user-determined code is run as the view's
+      owner, as expected.
+     </para>
+
+     <para>
+      The only known exploit for this error does not work
+      in <productname>PostgreSQL</productname> 16.0 and later, so it may
+      be that v16 is not vulnerable in practice.
+     </para>
+
+     <para>
+      The <productname>PostgreSQL</productname> Project thanks Pedro
+      Gallegos for reporting this problem.
+      (CVE-2024-0985) <!-- not CVE-2023-5869 as claimed in commit msg -->
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
 Author: Daniel Gustafsson <dgustafsson@postgresql.org>
 Branch: master [9dce22033] 2023-09-27 13:02:21 +0200
 Branch: REL_16_STABLE [2cf50585e] 2023-11-17 10:18:38 +0100
-- 
cgit v1.2.3

