PostgreSQL, the open source database, uses two open source libraries, libxml2 and libxslt, insecurely, which can let users read or write arbitrary files on a system. Patched versions of PostgreSQL are available, but they break some backwards compatibility.
Read more at The H