Previously, granting an SQL role without ADMIN OPTION allowed the grantee to remove other users from the granted role. Acknowledgements: Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.
This is now public: https://github.com/postgres/postgres/commit/fea164a72a7bfd50d77ba5fb418d357f8f2bb7d0
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 5 Via RHSA-2014:0211 https://rhn.redhat.com/errata/RHSA-2014-0211.html
This issue has been addressed in following products: Red Hat Software Collections for RHEL-6 Via RHSA-2014:0221 https://rhn.redhat.com/errata/RHSA-2014-0221.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2014:0249 https://rhn.redhat.com/errata/RHSA-2014-0249.html
This issue has been addressed in following products: CloudForms Management Engine 5.x Via RHSA-2014:0469 https://rhn.redhat.com/errata/RHSA-2014-0469.html