database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-08-08 06:02:22 +03:00
Code Activity

Update release notes for 9.2.4, 9.1.9, 9.0.13, 8.4.17.

Browse Source 
Security: CVE-2013-1899, CVE-2013-1901
This commit is contained in:
Tom Lane
2013-04-01 14:11:11 -04:00
parent 17fe2793ea
commit 89b661bab9
3 changed files with 70 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
doc/src/sgml/release-9.0.sgml
View File

@@ -41,6 +41,20 @@
<itemizedlist> <itemizedlist>
<listitem>
<para>
Fix insecure parsing of server command-line switches (Mitsumasa
Kondo, Kyotaro Horiguchi)
</para>
<para>
A connection request containing a database name that begins with
<quote><literal>-</></quote> could be crafted to damage or destroy
files within the server's data directory, even if the request is
eventually rejected. (CVE-2013-1899)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Reset OpenSSL randomness state in each postmaster child process Reset OpenSSL randomness state in each postmaster child process

28
doc/src/sgml/release-9.1.sgml
View File

@@ -41,6 +41,20 @@
<itemizedlist> <itemizedlist>
<listitem>
<para>
Fix insecure parsing of server command-line switches (Mitsumasa
Kondo, Kyotaro Horiguchi)
</para>
<para>
A connection request containing a database name that begins with
<quote><literal>-</></quote> could be crafted to damage or destroy
files within the server's data directory, even if the request is
eventually rejected. (CVE-2013-1899)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Reset OpenSSL randomness state in each postmaster child process Reset OpenSSL randomness state in each postmaster child process
@@ -56,6 +70,20 @@
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Make REPLICATION privilege checks test current user not authenticated
user (Noah Misch)
</para>
<para>
An unprivileged database user could exploit this mistake to call
<function>pg_start_backup()</> or <function>pg_stop_backup()</>,
thus possibly interfering with creation of routine backups.
(CVE-2013-1901)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when

28
doc/src/sgml/release-9.2.sgml
View File

@@ -41,6 +41,20 @@
<itemizedlist> <itemizedlist>
<listitem>
<para>
Fix insecure parsing of server command-line switches (Mitsumasa
Kondo, Kyotaro Horiguchi)
</para>
<para>
A connection request containing a database name that begins with
<quote><literal>-</></quote> could be crafted to damage or destroy
files within the server's data directory, even if the request is
eventually rejected. (CVE-2013-1899)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Reset OpenSSL randomness state in each postmaster child process Reset OpenSSL randomness state in each postmaster child process
@@ -56,6 +70,20 @@
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Make REPLICATION privilege checks test current user not authenticated
user (Noah Misch)
</para>
<para>
An unprivileged database user could exploit this mistake to call
<function>pg_start_backup()</> or <function>pg_stop_backup()</>,
thus possibly interfering with creation of routine backups.
(CVE-2013-1901)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when