I wrote:
> Attached is our finished patch against HEAD. This is pretty much all
> Dean's work, but I'm posting it on his behalf because it's late in the UK
> and he's gone offline for the day. In the interests of getting a
> full set of buildfarm testing on the patch before Monday's wrap deadline,
> I'm going to finish up back-porting the patch and push it tonight.
Final(?) note on this thread --- the security team realized over the
weekend that this bug constitutes a security issue, because you can do
more than crash the server. We don't normally consider simple crashes
as being CVE-worthy problems, but in this case, there's potential for
datatype confusion, which can be leveraged to allow disclosure of server
memory (as we've seen in other bugs before). We also realized that it's
possible to update a column you supposedly don't have privilege to update,
as long as there's some other column you do.
We've retroactively obtained a CVE number and will be describing this as
a security problem in the release notes.
regards, tom lane