Diffstat (limited to 'doc/src')
-rw-r--r-- | doc/src/sgml/release-9.0.sgml | 14 |
-rw-r--r-- | doc/src/sgml/release-9.1.sgml | 28 |
-rw-r--r-- | doc/src/sgml/release-9.2.sgml | 28 |
3 files changed, 70 insertions, 0 deletions
diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml index 8da5cc3e932..d68d5801d43 100644 --- a/doc/src/sgml/release-9.0.sgml +++ b/doc/src/sgml/release-9.0.sgml @@ -43,6 +43,20 @@ <listitem> <para> + Fix insecure parsing of server command-line switches (Mitsumasa + Kondo, Kyotaro Horiguchi) + </para> + + <para> + A connection request containing a database name that begins with + <quote><literal>-</></quote> could be crafted to damage or destroy + files within the server's data directory, even if the request is + eventually rejected. (CVE-2013-1899) + </para> + </listitem> + + <listitem> + <para> Reset OpenSSL randomness state in each postmaster child process (Marko Kreen) </para> diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml index 042cd1b6789..0af7f389ecc 100644 --- a/doc/src/sgml/release-9.1.sgml +++ b/doc/src/sgml/release-9.1.sgml @@ -43,6 +43,20 @@ <listitem> <para> + Fix insecure parsing of server command-line switches (Mitsumasa + Kondo, Kyotaro Horiguchi) + </para> + + <para> + A connection request containing a database name that begins with + <quote><literal>-</></quote> could be crafted to damage or destroy + files within the server's data directory, even if the request is + eventually rejected. (CVE-2013-1899) + </para> + </listitem> + + <listitem> + <para> Reset OpenSSL randomness state in each postmaster child process (Marko Kreen) </para> @@ -58,6 +72,20 @@ <listitem> <para> + Make REPLICATION privilege checks test current user not authenticated + user (Noah Misch) + </para> + + <para> + An unprivileged database user could exploit this mistake to call + <function>pg_start_backup()</> or <function>pg_stop_backup()</>, + thus possibly interfering with creation of routine backups. + (CVE-2013-1901) + </para> + </listitem> + + <listitem> + <para> Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when it's not appropriate to do so (Alexander Korotkov) </para> 
diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml index 73f1ca576f7..e7cd66240a6 100644 --- a/doc/src/sgml/release-9.2.sgml +++ b/doc/src/sgml/release-9.2.sgml @@ -43,6 +43,20 @@ <listitem> <para> + Fix insecure parsing of server command-line switches (Mitsumasa + Kondo, Kyotaro Horiguchi) + </para> + + <para> + A connection request containing a database name that begins with + <quote><literal>-</></quote> could be crafted to damage or destroy + files within the server's data directory, even if the request is + eventually rejected. (CVE-2013-1899) + </para> + </listitem> + + <listitem> + <para> Reset OpenSSL randomness state in each postmaster child process (Marko Kreen) </para> @@ -58,6 +72,20 @@ <listitem> <para> + Make REPLICATION privilege checks test current user not authenticated + user (Noah Misch) + </para> + + <para> + An unprivileged database user could exploit this mistake to call + <function>pg_start_backup()</> or <function>pg_stop_backup()</>, + thus possibly interfering with creation of routine backups. + (CVE-2013-1901) + </para> + </listitem> + + <listitem> + <para> Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when it's not appropriate to do so (Alexander Korotkov) </para> |
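Review bot: the CVE-2013-1899 item added at @@ -43,6 +43,20 @@ in all three files does not connect its title to its body. The title speaks of "server command-line switches" while the paragraph speaks of "a database name that begins with -", and nothing tells the reader how one becomes the other. A clause saying that the database name from the connection request could be interpreted as a command-line switch would close that gap. The phrase "even if the request is eventually rejected" also leaves the reader to infer whether the sender needs valid credentials; since that decides how urgently an administrator must act, state it explicitly in the paragraph.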
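Review bot: the item title added at @@ -58,6 +72,20 @@ in release-9.1.sgml and release-9.2.sgml, "test current user not authenticated user", is hard to parse without punctuation and can be misread as "the user who is currently not authenticated". Suggest "test the current user, not the authenticated user". The CVE-2013-1901 item is also added only to the 9.1 and 9.2 files, while release-9.0.sgml receives just the CVE-2013-1899 item; please confirm that the omission is intentional, so that a 9.0 reader comparing the three lists does not take it for an oversight.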