Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7484 Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure. CVE-2017-7485 Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enforce a TLS connection. CVE-2017-7486 Andrew Wheelwright discovered that user mappings were insufficiently restricted.