CVE-2020-14350 #222
codecov bot commented Oct 27, 2020 • edited
Codecov Report
@@           Coverage Diff           @@
##           master     #222   +/-   ##
=======================================
  Coverage   91.87%   91.87%
=======================================
  Files          40       40
  Lines        7052     7052
=======================================
  Hits         6479     6479
  Misses        573      573
Continue to review full report at Codecov.
- Explicit casts to ensure exact match to pathman functions instead of pwning ones.
- Explicit use of @extschema@ and pg_catalog schemas where possible (except for operators).
- Replace unsafe OR REPLACE clause.

This is believed to remove the possibility of malicious internal functions overloading.

For more information, see the documentation:
- 37.17.6.2. Security Considerations for Extension Scripts (https://www.postgresql.org/docs/current/extend-extensions.html#EXTEND-EXTENSIONS-SECURITY)
- 5.9.6. Usage Patterns (https://www.postgresql.org/docs/current/ddl-schemas.html#DDL-SCHEMAS-PATTERNS)
arssher commented Nov 8, 2020 • edited
I've reworded the readme and commit message a bit.
Fix for CVE-2020-14350 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14350)
See also Postgres commit 7eeb1d986.
Thanks to Alexander Lakhin.
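
Added example, not part of this pull request or of pathman's code: an extension-script fragment showing the three hardening points from the commit message (no OR REPLACE, @extschema@ and pg_catalog qualification, explicit casts to the exact signature). The `demo_*` functions are hypothetical names chosen for illustration.

```sql
-- Added illustration: the demo_* names are hypothetical, not pathman objects.
-- Fragment of an extension script; @extschema@ is replaced with the target
-- schema when the extension is not relocatable.

-- Weak form, kept as a comment for contrast:
--
--   CREATE OR REPLACE FUNCTION demo_add_range(rel REGCLASS, lo INT4, hi INT4)
--   RETURNS TEXT AS $$
--       SELECT CASE WHEN demo_bounds_ok(lo, hi)
--                   THEN format('%s_%s_%s', rel, lo, hi) END
--   $$ LANGUAGE sql;
--
-- Risks: OR REPLACE silently reuses a same-named function that already exists
-- in the schema, and replacing a function does not change its owner; the
-- unqualified calls are resolved through search_path; passing INT4 values to
-- an (INT8, INT8) helper relies on implicit coercion, so a closer-matching
-- overload would be preferred over the intended one.

-- Hardened form.

-- Plain CREATE fails if the name and signature are already taken, so
-- CREATE EXTENSION stops instead of building on a pre-existing object.
CREATE FUNCTION @extschema@.demo_bounds_ok(lo INT8, hi INT8)
RETURNS BOOL AS $$
    -- Operator left unqualified, matching the "(except for operators)"
    -- caveat in the commit message.
    SELECT lo < hi
$$ LANGUAGE sql IMMUTABLE STRICT;

CREATE FUNCTION @extschema@.demo_add_range(rel REGCLASS, lo INT4, hi INT4)
RETURNS TEXT AS $$
    SELECT CASE
        -- Schema-qualified call with casts to the exact (INT8, INT8)
        -- signature, so no other overload can be a better match.
        WHEN @extschema@.demo_bounds_ok(lo::INT8, hi::INT8)
        -- Built-in function qualified with pg_catalog.
        THEN pg_catalog.format('%s_%s_%s', rel::TEXT, lo::TEXT, hi::TEXT)
        ELSE NULL
    END
$$ LANGUAGE sql STABLE STRICT;
```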