It was discovered that a late privilege drop in the "REFRESH MATERIALIZED VIEW CONCURRENTLY" command could allow an attacker to trick a user with higher privileges to run SQL commands with these permissions.
https://security-tracker.debian.org/tracker/DSA-5622-1
Continue reading...
https://security-tracker.debian.org/tracker/DSA-5622-1
Continue reading...