1. 3
  1.  

  2. 1

    I’m guessing a bug in pre-authentication code.

    1. 1

      A post auth bug! Well, I guess the buggy code is technically pre auth, but from the description it sounds like the vulnerability is limited to one authenticated user messing with another authenticated user. i.e., it’s “only” a problem for shared database servers.

      http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=21ce40c8eab4d0da110fb

      PRNG (predictable random number generator) for the not win. Again.