Last-minute updates for release notes.

Security: CVE-2018-16850

diff --git a/doc/src/sgml/release-10.sgml b/doc/src/sgml/release-10.sgml
index 12e9df753cba7696142de72e15fada40dab63dae..372307c250a9a67f5f4d59fa287629fc9ae8226c 100644 (file)
--- a/doc/src/sgml/release-10.sgml
+++ b/doc/src/sgml/release-10.sgml
@@ -38,6 +38,20 @@
 
    <itemizedlist>
 
+    <listitem>
+     <para>
+      Ensure proper quoting of transition table names
+      when <application>pg_dump</application> emits <command>CREATE TRIGGER
+      ... REFERENCING</command> commands (Tom Lane)
+     </para>
+
+     <para>
+      This oversight could be exploited by an unprivileged user to gain
+      superuser privileges during the next dump/reload
+      or <application>pg_upgrade</application> run.  (CVE-2018-16850)
+     </para>
+    </listitem>
+
     <listitem>
 <!--
 Author: Tom Lane <tgl@sss.pgh.pa.us>
@@ -202,6 +216,25 @@ Branch: REL9_3_STABLE [591d0ac88] 2018-09-15 13:42:34 -0400
      </para>
     </listitem>
 
+    <listitem>
+     <para>
+      Prevent creation of a partition in a trigger attached to its parent
+      table (Amit Langote)
+     </para>
+
+     <para>
+      Ideally we'd allow that, but for the moment it has to be blocked to
+      avoid crashes.
+     </para>
+    </listitem>
+
+    <listitem>
+     <para>
+      Fix problems with applying <literal>ON COMMIT DELETE ROWS</literal> to
+      a partitioned temporary table (Amit Langote)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix character-class checks to not fail on Windows for Unicode
@@ -899,14 +932,6 @@ Branch: REL_10_STABLE [cb282eab1] 2018-08-22 14:23:03 +0900
      </para>
     </listitem>
 
-    <listitem>
-     <para>
-      Ensure proper quoting of transition table names
-      when <application>pg_dump</application> emits <command>CREATE TRIGGER
-      ... REFERENCING</command> commands (Tom Lane)
-     </para>
-    </listitem>
-
     <listitem>
 <!--
 Author: Tom Lane <tgl@sss.pgh.pa.us>