PostgreSQL PL/Perl background:
==============================

PL/Perl is a loadable procedural language that enables PostgreSQL functions
to be written in the Perl programming language.

CVE-2010-1169 flaw:
===================

A flaw was found in the way the PostgreSQL server process enforced permission
checks on scripts written in PL/Perl. A remote, authenticated user, running a
specially-crafted PL/Perl script, could use this flaw to bypass PL/Perl trusted
mode restrictions, allowing them to obtain sensitive information; execute
arbitrary Perl scripts; or cause a denial of service (remove protected,
sensitive data).

Credit:
=======

Tim Bunce

CVE:
====

CVE identifier of CVE-2010-1169 has been assigned to this flaw.

Coordinated Release Date (CRD):
===============================

Monday, 2010-05-17

Please do not publicly mention / discuss the information provided in this
advisory prior to that date. This date may still change or be postponed
slightly; in that case we will contact you again with an updated CRD.

Affected PostgreSQL versions:
=============================

Issue tested and confirmed in PostgreSQL versions v7.3.21 through v9.0alpha4.

Draft patch by Tim Bunce:
=========================

See patches/patch-v8.4-stable/pgsql-plperl-CVE-2010-1169-v8.4-draft.patch

Upstream backported patches to older versions of PostgreSQL:
============================================================

See patches/pgsql-rmsafe-CVE-2010-1169-patches.tar.gz.

Please also read the patches/README\ --\ IMPORTANT file, as it contains
important upstream information related to the CVE-2010-1169 fix (some issues
remain, and the final form may still differ slightly).