| Description |
This updates PostreSQL to version 9.6.17, which among others addresses the
following security issue:
* Add missing permissions checks for `ALTER ... DEPENDS ON EXTENSION`.
Marking an object as dependent on an extension did not have any privilege
check whatsoever. This oversight allowed any user to mark routines,
triggers, materialized views, or indexes as droppable by anyone able to
drop an extension. Require that the calling user own the specified object
(and hence have privilege to drop it). (CVE-2020-1720) |
