CVE-2018-1053 - Ensure that all temporary files made with "pg_upgrade" are non-world-readable

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pgupgrade creates file in current working directory containing the output of pgdumpall -g under umask which was in effect when the user invoked pgupgrade, and not under 0077 which...

CVE-2017-15098

Invalid jsonpopulaterecordset or jsonbpopulaterecordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory...