|
23 | 23 | </para> |
24 | 24 |
|
25 | 25 | <para> |
26 | | - However, see thefirst two changelog items below, |
| 26 | + However, see thesecond and third changelog items below, |
27 | 27 | which describe cases in which reindexing indexes after the upgrade |
28 | 28 | may be advisable. |
29 | 29 | </para> |
|
42 | 42 | <listitem> |
43 | 43 | <!-- |
44 | 44 | Author: Heikki Linnakangas <heikki.linnakangas@iki.fi> |
| 45 | +Branch: master [6214e2b22] 2021-02-08 11:01:51 +0200 |
| 46 | +Branch: REL_13_STABLE [8e56684d5] 2021-02-08 11:01:55 +0200 |
| 47 | +Branch: REL_12_STABLE [f50e88899] 2021-02-08 11:01:55 +0200 |
| 48 | +Branch: REL_11_STABLE [cb5868cc1] 2021-02-08 11:01:55 +0200 |
| 49 | +--> |
| 50 | + <para> |
| 51 | + Fix information leakage in constraint-violation error messages |
| 52 | + (Heikki Linnakangas) |
| 53 | + </para> |
| 54 | + |
| 55 | + <para> |
| 56 | + If an <command>UPDATE</command> command attempts to move a row to a |
| 57 | + different partition but finds that it violates some constraint on |
| 58 | + the new partition, and the columns in that partition are in |
| 59 | + different physical positions than in the parent table, the error |
| 60 | + message could reveal the contents of columns that the user does not |
| 61 | + have <literal>SELECT</literal> privilege on. |
| 62 | + (CVE-2021-3393) |
| 63 | + </para> |
| 64 | + </listitem> |
| 65 | + |
| 66 | + <listitem> |
| 67 | +<!-- |
| 68 | +Author: Heikki Linnakangas <heikki.linnakangas@iki.fi> |
45 | 69 | Branch: master [6b4d3046f] 2021-01-20 11:58:03 +0200 |
46 | 70 | Branch: REL_13_STABLE [b8403d140] 2021-01-20 11:58:25 +0200 |
47 | 71 | Branch: REL_12_STABLE [0326635dd] 2021-01-20 11:58:27 +0200 |
|