Skip to content

Commit 89b661b

Browse files
tglsfdctglsfdc
committed
Update release notes for 9.2.4, 9.1.9, 9.0.13, 8.4.17.
Security: CVE-2013-1899, CVE-2013-1901
1 parent 17fe279 commit 89b661b

File tree

3 files changed

+70
-0
lines changed

3 files changed

+70
-0
lines changed

doc/src/sgml/release-9.0.sgml

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,20 @@
4141

4242
<itemizedlist>
4343

44+
<listitem>
45+
<para>
46+
Fix insecure parsing of server command-line switches (Mitsumasa
47+
Kondo, Kyotaro Horiguchi)
48+
</para>
49+
50+
<para>
51+
A connection request containing a database name that begins with
52+
<quote><literal>-</></quote> could be crafted to damage or destroy
53+
files within the server's data directory, even if the request is
54+
eventually rejected. (CVE-2013-1899)
55+
</para>
56+
</listitem>
57+
4458
<listitem>
4559
<para>
4660
Reset OpenSSL randomness state in each postmaster child process

doc/src/sgml/release-9.1.sgml

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,20 @@
4141

4242
<itemizedlist>
4343

44+
<listitem>
45+
<para>
46+
Fix insecure parsing of server command-line switches (Mitsumasa
47+
Kondo, Kyotaro Horiguchi)
48+
</para>
49+
50+
<para>
51+
A connection request containing a database name that begins with
52+
<quote><literal>-</></quote> could be crafted to damage or destroy
53+
files within the server's data directory, even if the request is
54+
eventually rejected. (CVE-2013-1899)
55+
</para>
56+
</listitem>
57+
4458
<listitem>
4559
<para>
4660
Reset OpenSSL randomness state in each postmaster child process
@@ -56,6 +70,20 @@
5670
</para>
5771
</listitem>
5872

73+
<listitem>
74+
<para>
75+
Make REPLICATION privilege checks test current user not authenticated
76+
user (Noah Misch)
77+
</para>
78+
79+
<para>
80+
An unprivileged database user could exploit this mistake to call
81+
<function>pg_start_backup()</> or <function>pg_stop_backup()</>,
82+
thus possibly interfering with creation of routine backups.
83+
(CVE-2013-1901)
84+
</para>
85+
</listitem>
86+
5987
<listitem>
6088
<para>
6189
Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when

doc/src/sgml/release-9.2.sgml

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,20 @@
4141

4242
<itemizedlist>
4343

44+
<listitem>
45+
<para>
46+
Fix insecure parsing of server command-line switches (Mitsumasa
47+
Kondo, Kyotaro Horiguchi)
48+
</para>
49+
50+
<para>
51+
A connection request containing a database name that begins with
52+
<quote><literal>-</></quote> could be crafted to damage or destroy
53+
files within the server's data directory, even if the request is
54+
eventually rejected. (CVE-2013-1899)
55+
</para>
56+
</listitem>
57+
4458
<listitem>
4559
<para>
4660
Reset OpenSSL randomness state in each postmaster child process
@@ -56,6 +70,20 @@
5670
</para>
5771
</listitem>
5872

73+
<listitem>
74+
<para>
75+
Make REPLICATION privilege checks test current user not authenticated
76+
user (Noah Misch)
77+
</para>
78+
79+
<para>
80+
An unprivileged database user could exploit this mistake to call
81+
<function>pg_start_backup()</> or <function>pg_stop_backup()</>,
82+
thus possibly interfering with creation of routine backups.
83+
(CVE-2013-1901)
84+
</para>
85+
</listitem>
86+
5987
<listitem>
6088
<para>
6189
Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy