index 93198931f88bace1f00246d703681b3248e0b9a0..ef8eb1c9ad2d912a62e499641611c1e2c7c9e325 100644 (file)
<itemizedlist>
+ <listitem>
+ <para>
+ Fix <filename>contrib/pgcrypto</> to detect and report
+ too-short <function>crypt()</> salts (Josh Kupershmidt)
+ </para>
+
+ <para>
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix subtransaction cleanup after a portal (cursor) belonging to an
</para>
</listitem>
+ <listitem>
+ <para>
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
+ <type>ltxtquery</> and <type>query_int</> (Noah Misch)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input
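Review bot: The stack-overflow item credited to Noah Misch has no second paragraph stating impact, while the pgcrypto item above it spells out that the server crashed or disclosed memory. Add a sentence saying what an affected user would see, and whether the item is considered security-relevant, since unlike the pgcrypto item it carries no CVE reference.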
index afffb43969b580730b28771d2632ba55c7da6b2c..fde6b61bced0727d9803f3b83fe291819172cb0f 100644 (file)
<itemizedlist>
+ <listitem>
+ <para>
+ Fix <filename>contrib/pgcrypto</> to detect and report
+ too-short <function>crypt()</> salts (Josh Kupershmidt)
+ </para>
+
+ <para>
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix subtransaction cleanup after a portal (cursor) belonging to an
</para>
</listitem>
+ <listitem>
+ <para>
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
+ <type>ltxtquery</> and <type>query_int</> (Noah Misch)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input
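Review bot: The type list in the stack-overflow item (record types, range types, json, jsonb, tsquery, ltxtquery, query_int) is the same text this patch adds to every release-notes file. Check each name against the release this file documents and drop any type that release does not ship, so the note does not describe a fix for a type users of that branch cannot have.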
index 676b6554e5294688e5bc4fd4c513f1d10f0d5454..4bfede5bc0e60d0eec3988fbb3abf1779ef4f53e 100644 (file)
<itemizedlist>
+ <listitem>
+ <para>
+ Fix <filename>contrib/pgcrypto</> to detect and report
+ too-short <function>crypt()</> salts (Josh Kupershmidt)
+ </para>
+
+ <para>
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix subtransaction cleanup after a portal (cursor) belonging to an
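Review bot: In the pgcrypto item the headline says "too-short crypt() salts" but the second paragraph says "Certain invalid salt arguments", which leaves it unclear whether other malformed salts were also affected. Use one term in both places. The phrase "arrange for presence of confidential information in the disclosed bytes" would also read better as "arrange for confidential information to be present in the disclosed bytes".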
@@ -136,6 +150,14 @@ Branch: REL9_1_STABLE [9b1b9446f] 2015年08月27日 12:22:10 -0400
</para>
</listitem>
+ <listitem>
+ <para>
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
+ <type>ltxtquery</> and <type>query_int</> (Noah Misch)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input
index c0fd1b3b79b93cd42be61890d6b80721943ba017..1ac6abe632a95ddc1dac829fd36ee364ed20ea32 100644 (file)
<itemizedlist>
+ <listitem>
+ <para>
+ Guard against stack overflows in <type>json</> parsing
+ (Oskari Saarenmaa)
+ </para>
+
+ <para>
+ If an application constructs PostgreSQL <type>json</>
+ or <type>jsonb</> values from arbitrary user input, the application's
+ users can reliably crash the PostgreSQL server, causing momentary
+ denial of service. (CVE-2015-5289)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
+ Fix <filename>contrib/pgcrypto</> to detect and report
+ too-short <function>crypt()</> salts (Josh Kupershmidt)
+ </para>
+
+ <para>
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix subtransaction cleanup after a portal (cursor) belonging to an
</para>
</listitem>
+ <listitem>
+ <para>
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
+ <type>ltxtquery</> and <type>query_int</> (Noah Misch)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input
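Review bot: This file now carries two items about json stack overflows: the first (CVE-2015-5289) says users "can reliably crash" the server, while the later one calls overflows involving json and jsonb "hard-to-reach". Say in the second item how it differs from the first, otherwise readers will take the two as contradictory. The first item's headline also says "json parsing" while its body covers json or jsonb values; make the headline match the body.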
index 361e75709767e5ca386ad58d3f4d48d89f926ad9..4fd1feb6fa9a22aa10e7ee2ea5761143833f6a2d 100644 (file)
<itemizedlist>
+<!--
+Author: Noah Misch <noah@leadboat.com>
+Branch: master [08fa47c48] 2015年10月05日 10:06:29 -0400
+Branch: REL9_5_STABLE [98f30d2e5] 2015年10月05日 10:06:33 -0400
+Branch: REL9_4_STABLE [16d58b5b5] 2015年10月05日 10:06:34 -0400
+Branch: REL9_3_STABLE [f8862172e] 2015年10月05日 10:06:34 -0400
+-->
+
+ <listitem>
+ <para>
+ Guard against stack overflows in <type>json</> parsing
+ (Oskari Saarenmaa)
+ </para>
+
+ <para>
+ If an application constructs PostgreSQL <type>json</>
+ or <type>jsonb</> values from arbitrary user input, the application's
+ users can reliably crash the PostgreSQL server, causing momentary
+ denial of service. (CVE-2015-5289)
+ </para>
+ </listitem>
+
+<!--
+Author: Noah Misch <noah@leadboat.com>
+Branch: master [1d812c8b0] 2015年10月05日 10:06:29 -0400
+Branch: REL9_5_STABLE [4d6752277] 2015年10月05日 10:06:33 -0400
+Branch: REL9_4_STABLE [4d95419e8] 2015年10月05日 10:06:34 -0400
+Branch: REL9_3_STABLE [cc1210f0a] 2015年10月05日 10:06:34 -0400
+Branch: REL9_2_STABLE [56232f987] 2015年10月05日 10:06:35 -0400
+Branch: REL9_1_STABLE [48f6310bc] 2015年10月05日 10:06:35 -0400
+Branch: REL9_0_STABLE [188e081ef] 2015年10月05日 10:06:36 -0400
+-->
+
+ <listitem>
+ <para>
+ Fix <filename>contrib/pgcrypto</> to detect and report
+ too-short <function>crypt()</> salts (Josh Kupershmidt)
+ </para>
+
+ <para>
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+ </para>
+ </listitem>
+
<!--
Author: Tom Lane <tgl@sss.pgh.pa.us>
Branch: master [c5454f99c] 2015年09月04日 13:37:14 -0400
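Review bot: Both new comment blocks give "Author: Noah Misch" while the items they precede credit Oskari Saarenmaa and Josh Kupershmidt. If the comment records the committer that is fine, but please confirm the credits in the item text are the intended ones. The json item's comment also lists only master through REL9_3_STABLE while the pgcrypto one goes back to REL9_0_STABLE; confirm that matches the branches that received each fix.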
@@ -201,6 +248,13 @@ Branch: REL9_3_STABLE [fee2275ae] 2015年09月24日 14:53:33 +0200
Branch: REL9_2_STABLE [f12932dd4] 2015年09月24日 14:53:33 +0200
Branch: REL9_1_STABLE [ff090bbb7] 2015年09月24日 14:53:33 +0200
Branch: REL9_0_STABLE [078d471a9] 2015年09月24日 14:53:33 +0200
+Branch: master [2596d705b] 2015年10月05日 11:53:43 +0200
+Branch: REL9_5_STABLE [0577821b5] 2015年10月05日 11:56:58 +0200
+Branch: REL9_4_STABLE [13ac4c035] 2015年10月05日 11:57:07 +0200
+Branch: REL9_3_STABLE [393341714] 2015年10月05日 11:57:11 +0200
+Branch: REL9_2_STABLE [e07cfef34] 2015年10月05日 11:57:15 +0200
+Branch: REL9_1_STABLE [7116a3e98] 2015年10月05日 11:57:20 +0200
+Branch: REL9_0_STABLE [eeb0b7830] 2015年10月05日 11:57:25 +0200
-->
<listitem>
@@ -266,6 +320,33 @@ Branch: REL9_0_STABLE [a89781e34] 2015年09月21日 12:12:16 -0400
</para>
</listitem>
+<!--
+Author: Noah Misch <noah@leadboat.com>
+Branch: master [30cb12881] 2015年10月05日 10:06:29 -0400
+Branch: REL9_5_STABLE [acf0da1e6] 2015年10月05日 10:06:33 -0400
+Branch: REL9_4_STABLE [a0c02ed5b] 2015年10月05日 10:06:34 -0400
+Branch: REL9_3_STABLE [9286ff78f] 2015年10月05日 10:06:34 -0400
+Branch: REL9_2_STABLE [5e43130b5] 2015年10月05日 10:06:35 -0400
+Branch: REL9_1_STABLE [9581e2699] 2015年10月05日 10:06:35 -0400
+Branch: REL9_0_STABLE [0398e071a] 2015年10月05日 10:06:36 -0400
+Branch: master [5976097c0] 2015年10月05日 10:06:30 -0400
+Branch: REL9_5_STABLE [7bed97d48] 2015年10月05日 10:06:33 -0400
+Branch: REL9_4_STABLE [bed3f6d03] 2015年10月05日 10:06:34 -0400
+Branch: REL9_3_STABLE [28dea9485] 2015年10月05日 10:06:34 -0400
+Branch: REL9_2_STABLE [ea68c221f] 2015年10月05日 10:06:35 -0400
+Branch: REL9_1_STABLE [879877b00] 2015年10月05日 10:06:35 -0400
+Branch: REL9_0_STABLE [682a25d41] 2015年10月05日 10:06:36 -0400
+Branch: REL9_2_STABLE [8dacb29ca] 2015年10月05日 10:06:35 -0400
+-->
+
+ <listitem>
+ <para>
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
+ <type>ltxtquery</> and <type>query_int</> (Noah Misch)
+ </para>
+ </listitem>
+
<!--
Author: Greg Stark <stark@mit.edu>
Branch: master [258ee1b63] 2015年09月06日 03:35:56 +0100
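Review bot: The comment block ahead of the stack-overflow item lists two complete sets of master through REL9_0_STABLE entries and then a lone "Branch: REL9_2_STABLE [8dacb29ca]" with no counterpart on any other branch. Confirm that single-branch commit belongs to this item, and consider noting in the comment why it exists only there, since the block has one Author line covering all of the listed commits.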