Update release notes for security-related releases in all active branches.

Security: CVE-2007-0555, CVE-2007-0556
2025-08-09 17:03:00 +03:00 · 2007-02-02 00:10:51 +00:00
parent 7fbfa4e96a
commit 384f05d55a
1 changed files with 201 additions and 1 deletions
--- a/doc/src/sgml/release.sgml
+++ b/doc/src/sgml/release.sgml
@@ -1,10 +1,79 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.321.4.30 2007/01/06 06:01:48 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/release.sgml,v 1.321.4.31 2007/02/02 00:10:51 tgl Exp $
 -->

 <appendix id="release">
 <title>Release Notes</title>

+  <sect1 id="release-8-0-11">
+   <title>Release 8.0.11</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 8.0.10, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 8.0.11</title>
+
+    <para>
+     A dump/restore is not required for those running 8.0.X.  However,
+     if you are upgrading from a version earlier than 8.0.6, see the release
+     notes for 8.0.6.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerabilities that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerabilities involve suppressing the normal check that a SQL
+      function returns the data type it's declared to, and changing the
+      data type of a table column (CVE-2007-0555, CVE-2007-0556).  These
+      errors can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix rare bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+ 
  <sect1 id="release-8-0-10">
   <title>Release 8.0.10</title>

@@ -3329,6 +3398,75 @@ typedefs (Michael)</para></listitem>
   </sect2>
  </sect1>

+  <sect1 id="release-7-4-16">
+   <title>Release 7.4.16</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 7.4.15, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 7.4.16</title>
+
+    <para>
+     A dump/restore is not required for those running 7.4.X.  However,
+     if you are upgrading from a version earlier than 7.4.11, see the release
+     notes for 7.4.11.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerability that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerability involves suppressing the normal check that a SQL
+      function returns the data type it's declared to, or changing the
+      data type of a table column used in a SQL function (CVE-2007-0555).
+      This error can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix rare bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix for rare Assert() crash triggered by <literal>UNION</> (Tom)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
  <sect1 id="release-7-4-15">
   <title>Release 7.4.15</title>

@@ -6375,6 +6513,68 @@ DROP SCHEMA information_schema CASCADE;
  </sect2>
 </sect1>

+  <sect1 id="release-7-3-18">
+   <title>Release 7.3.18</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 7.3.17, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 7.3.18</title>
+
+    <para>
+     A dump/restore is not required for those running 7.3.X.  However,
+     if you are upgrading from a version earlier than 7.3.13, see the release
+     notes for 7.3.13.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerability that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerability involves changing the
+      data type of a table column used in a SQL function (CVE-2007-0555).
+      This error can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix rare bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
  <sect1 id="release-7-3-17">
   <title>Release 7.3.17</title>