From dd5502a8d5caf4775e06a31d17641d49250f3d34 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 5 Oct 2015 10:57:15 -0400 Subject: [PATCH] Last-minute updates for release notes. Add entries for security and not-quite-security issues. Security: CVE-2015-5288, CVE-2015-5289 --- doc/src/sgml/release-9.0.sgml | 22 ++++++++++++++++++++++ doc/src/sgml/release-9.1.sgml | 22 ++++++++++++++++++++++ doc/src/sgml/release-9.2.sgml | 22 ++++++++++++++++++++++ 3 files changed, 66 insertions(+) diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml index 93198931f88..ef8eb1c9ad2 100644 --- a/doc/src/sgml/release-9.0.sgml +++ b/doc/src/sgml/release-9.0.sgml @@ -40,6 +40,20 @@ + + + Fix contrib/pgcrypto to detect and report + too-short crypt() salts (Josh Kupershmidt) + + + + Certain invalid salt arguments crashed the server or disclosed a few + bytes of server memory. We have not ruled out the viability of + attacks that arrange for presence of confidential information in the + disclosed bytes, but they seem unlikely. (CVE-2015-5288) + + + Fix subtransaction cleanup after a portal (cursor) belonging to an @@ -124,6 +138,14 @@ + + + Guard against hard-to-reach stack overflows involving record types, + range types, json, jsonb, tsquery, + ltxtquery and query_int (Noah Misch) + + + Fix handling of DOW and DOY in datetime input diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml index afffb43969b..fde6b61bced 100644 --- a/doc/src/sgml/release-9.1.sgml +++ b/doc/src/sgml/release-9.1.sgml @@ -34,6 +34,20 @@ + + + Fix contrib/pgcrypto to detect and report + too-short crypt() salts (Josh Kupershmidt) + + + + Certain invalid salt arguments crashed the server or disclosed a few + bytes of server memory. We have not ruled out the viability of + attacks that arrange for presence of confidential information in the + disclosed bytes, but they seem unlikely. (CVE-2015-5288) + + + Fix subtransaction cleanup after a portal (cursor) belonging to an @@ -130,6 +144,14 @@ + + + Guard against hard-to-reach stack overflows involving record types, + range types, json, jsonb, tsquery, + ltxtquery and query_int (Noah Misch) + + + Fix handling of DOW and DOY in datetime input diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml index 676b6554e52..4bfede5bc0e 100644 --- a/doc/src/sgml/release-9.2.sgml +++ b/doc/src/sgml/release-9.2.sgml @@ -34,6 +34,20 @@ + + + Fix contrib/pgcrypto to detect and report + too-short crypt() salts (Josh Kupershmidt) + + + + Certain invalid salt arguments crashed the server or disclosed a few + bytes of server memory. We have not ruled out the viability of + attacks that arrange for presence of confidential information in the + disclosed bytes, but they seem unlikely. (CVE-2015-5288) + + + Fix subtransaction cleanup after a portal (cursor) belonging to an @@ -136,6 +150,14 @@ Branch: REL9_1_STABLE [9b1b9446f] 2015-08-27 12:22:10 -0400 + + + Guard against hard-to-reach stack overflows involving record types, + range types, json, jsonb, tsquery, + ltxtquery and query_int (Noah Misch) + + + Fix handling of DOW and DOY in datetime input