diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2015-10-05 10:57:15 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2015-10-05 10:57:49 -0400 |
| commit | 7bb63b2f8451dad154f9314efc3c5d9714dc4bfe (patch) | |
| tree | 1e236200d67d69e09055bf7a559679c4000f5ec1 | |
| parent | 93837732f71f3faa61591090e5923a274cfceece (diff) | |
| download | postgresql-7bb63b2f8451dad154f9314efc3c5d9714dc4bfe.tar.gz postgresql-7bb63b2f8451dad154f9314efc3c5d9714dc4bfe.zip | |
Last-minute updates for release notes.
Add entries for security and not-quite-security issues.
Security: CVE-2015-5288, CVE-2015-5289
| -rw-r--r-- | doc/src/sgml/release-9.0.sgml | 22 | ||||
| -rw-r--r-- | doc/src/sgml/release-9.1.sgml | 22 |
2 files changed, 44 insertions, 0 deletions
diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml index 93198931f88..ef8eb1c9ad2 100644 --- a/doc/src/sgml/release-9.0.sgml +++ b/doc/src/sgml/release-9.0.sgml @@ -42,6 +42,20 @@ <listitem> <para> + Fix <filename>contrib/pgcrypto</> to detect and report + too-short <function>crypt()</> salts (Josh Kupershmidt) + </para> + + <para> + Certain invalid salt arguments crashed the server or disclosed a few + bytes of server memory. We have not ruled out the viability of + attacks that arrange for presence of confidential information in the + disclosed bytes, but they seem unlikely. (CVE-2015-5288) + </para> + </listitem> + + <listitem> + <para> Fix subtransaction cleanup after a portal (cursor) belonging to an outer subtransaction fails (Tom Lane, Michael Paquier) </para> @@ -126,6 +140,14 @@ <listitem> <para> + Guard against hard-to-reach stack overflows involving record types, + range types, <type>json</>, <type>jsonb</>, <type>tsquery</>, + <type>ltxtquery</> and <type>query_int</> (Noah Misch) + </para> + </listitem> + + <listitem> + <para> Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input (Greg Stark) </para> diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml index afffb43969b..fde6b61bced 100644 --- a/doc/src/sgml/release-9.1.sgml +++ b/doc/src/sgml/release-9.1.sgml @@ -36,6 +36,20 @@ <listitem> <para> + Fix <filename>contrib/pgcrypto</> to detect and report + too-short <function>crypt()</> salts (Josh Kupershmidt) + </para> + + <para> + Certain invalid salt arguments crashed the server or disclosed a few + bytes of server memory. We have not ruled out the viability of + attacks that arrange for presence of confidential information in the + disclosed bytes, but they seem unlikely. (CVE-2015-5288) + </para> + </listitem> + + <listitem> + <para> Fix subtransaction cleanup after a portal (cursor) belonging to an outer subtransaction fails (Tom Lane, Michael Paquier) </para> @@ -132,6 +146,14 @@ <listitem> <para> + Guard against hard-to-reach stack overflows involving record types, + range types, <type>json</>, <type>jsonb</>, <type>tsquery</>, + <type>ltxtquery</> and <type>query_int</> (Noah Misch) + </para> + </listitem> + + <listitem> + <para> Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input (Greg Stark) </para> |