PostgreSQL PL/Tcl background:
==============================
PL/Tcl is a loadable procedural language for the PostgreSQL
database system that enables the Tcl language to be used
to write functions and trigger procedures. 

CVE-2010-1170 flaw:
===================
A flaw was found in the way the PostgreSQL server process enforced
permission checks on scripts written in PL/Tcl. A remote, authenticated
user, running a specially-crafted PL/Tcl script, could use this flaw to
bypass PL/Tcl trusted mode restrictions, allowing them to obtain sensitive
information; execute arbitrary Tcl scripts; or cause a denial of service
(remove protected, sensitive data).

Credit:
=======
Tom Lane of Red Hat

CVE: CVE identifier of CVE-2010-1170 has been assigned to this flaw.
====

Coordinated Release Date (CRD):
===============================
Monday, 2010-05-17

Please do not publicly mention / discuss the information
provided in this advisory prior to that date.

This may change / be postponed slightly yet, but in that case
we will contact you again with updated CRD.

Affected PostgreSQL versions:
=============================
Issue tested && confirmed in PostgreSQL of version v7.3.21 through
to version v9.0alpha4.

Proposed upstream patches (for various PostgreSQL versions):
===========================================================
See patches/pltcl-patches.tar.gz.