database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-17 06:41:24 +03:00
Code

Last-minute updates for release notes.

Browse Source 
Add entries for security and not-quite-security issues.

Security: CVE-2015-5288, CVE-2015-5289
This commit is contained in:
Tom Lane 2015-10-05 10:57:15 -04:00
parent e946cc601c
commit f795753663
4 changed files with 102 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
doc/src/sgml/release-9.0.sgml
View File

@ -40,6 +40,20 @@
<itemizedlist> <itemizedlist>
<listitem>
<para>
Fix <filename>contrib/pgcrypto</> to detect and report
too-short <function>crypt()</> salts (Josh Kupershmidt)
</para>
<para>
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of
attacks that arrange for presence of confidential information in the
disclosed bytes, but they seem unlikely. (CVE-2015-5288)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Fix subtransaction cleanup after a portal (cursor) belonging to an Fix subtransaction cleanup after a portal (cursor) belonging to an
@ -124,6 +138,14 @@
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Guard against hard-to-reach stack overflows involving record types,
range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
<type>ltxtquery</> and <type>query_int</> (Noah Misch)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input

22
doc/src/sgml/release-9.1.sgml
View File

@ -34,6 +34,20 @@
<itemizedlist> <itemizedlist>
<listitem>
<para>
Fix <filename>contrib/pgcrypto</> to detect and report
too-short <function>crypt()</> salts (Josh Kupershmidt)
</para>
<para>
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of
attacks that arrange for presence of confidential information in the
disclosed bytes, but they seem unlikely. (CVE-2015-5288)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Fix subtransaction cleanup after a portal (cursor) belonging to an Fix subtransaction cleanup after a portal (cursor) belonging to an
@ -130,6 +144,14 @@
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Guard against hard-to-reach stack overflows involving record types,
range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
<type>ltxtquery</> and <type>query_int</> (Noah Misch)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input

22
doc/src/sgml/release-9.2.sgml
View File

@ -34,6 +34,20 @@
<itemizedlist> <itemizedlist>
<listitem>
<para>
Fix <filename>contrib/pgcrypto</> to detect and report
too-short <function>crypt()</> salts (Josh Kupershmidt)
</para>
<para>
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of
attacks that arrange for presence of confidential information in the
disclosed bytes, but they seem unlikely. (CVE-2015-5288)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Fix subtransaction cleanup after a portal (cursor) belonging to an Fix subtransaction cleanup after a portal (cursor) belonging to an
@ -136,6 +150,14 @@ Branch: REL9_1_STABLE [9b1b9446f] 2015-08-27 12:22:10 -0400
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Guard against hard-to-reach stack overflows involving record types,
range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
<type>ltxtquery</> and <type>query_int</> (Noah Misch)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input

36
doc/src/sgml/release-9.3.sgml
View File

@ -34,6 +34,34 @@
<itemizedlist> <itemizedlist>
<listitem>
<para>
Guard against stack overflows in <type>json</> parsing
(Oskari Saarenmaa)
</para>
<para>
If an application constructs PostgreSQL <type>json</>
or <type>jsonb</> values from arbitrary user input, the application's
users can reliably crash the PostgreSQL server, causing momentary
denial of service. (CVE-2015-5289)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/pgcrypto</> to detect and report
too-short <function>crypt()</> salts (Josh Kupershmidt)
</para>
<para>
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of
attacks that arrange for presence of confidential information in the
disclosed bytes, but they seem unlikely. (CVE-2015-5288)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Fix subtransaction cleanup after a portal (cursor) belonging to an Fix subtransaction cleanup after a portal (cursor) belonging to an
@ -146,6 +174,14 @@
</para> </para>
</listitem> </listitem>
<listitem>
<para>
Guard against hard-to-reach stack overflows involving record types,
range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
<type>ltxtquery</> and <type>query_int</> (Noah Misch)
</para>
</listitem>
<listitem> <listitem>
<para> <para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input