+++ This bug was initially created as a clone of Bug #237680 +++
Quoting the PostgreSQL release notes:
Support explicit placement of the temporary-table schema within search_path,
and disable searching it for functions and operators (Tom)
This is needed to allow a security-definer function to set a truly secure
value of search_path. Without it, an unprivileged SQL user can use temporary
objects to execute code with the privileges of the security-definer function
(CVE-2007-2138). See CREATE FUNCTION for more information.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.