Commit 89b661b

Update release notes for 9.2.4, 9.1.9, 9.0.13, 8.4.17.
Security: CVE-2013-1899, CVE-2013-1901
1 parent 17fe279 commit 89b661b

3 files changed

+70
-0
lines changed

doc/src/sgml/release-9.0.sgml

Lines changed: 14 additions & 0 deletions
@@ -41,6 +41,20 @@
4141

4242
<itemizedlist>
4343

44+
<listitem>
45+
<para>
46+
Fix insecure parsing of server command-line switches (Mitsumasa
47+
Kondo, Kyotaro Horiguchi)
48+
</para>
49+
50+
<para>
51+
A connection request containing a database name that begins with
52+
<quote><literal>-</></quote> could be crafted to damage or destroy
53+
files within the server's data directory, even if the request is
54+
eventually rejected. (CVE-2013-1899)
55+
</para>
56+
</listitem>
57+
4458
<listitem>
4559
<para>
4660
Reset OpenSSL randomness state in each postmaster child process
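
Review bot: The entry title at new lines 46-47 speaks of "server command-line switches" while the description at new lines 51-55 speaks of a database name in a connection request, and nothing connects the two. A reader triaging this CVE cannot tell from the text why a client-supplied name reaches switch parsing at all. Suggest one clause in the description, for example that a database name beginning with <literal>-</> was being treated as a command-line switch, if that is what the fix addresses.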

doc/src/sgml/release-9.1.sgml

Lines changed: 28 additions & 0 deletions
@@ -41,6 +41,20 @@
4141

4242
<itemizedlist>
4343

44+
<listitem>
45+
<para>
46+
Fix insecure parsing of server command-line switches (Mitsumasa
47+
Kondo, Kyotaro Horiguchi)
48+
</para>
49+
50+
<para>
51+
A connection request containing a database name that begins with
52+
<quote><literal>-</></quote> could be crafted to damage or destroy
53+
files within the server's data directory, even if the request is
54+
eventually rejected. (CVE-2013-1899)
55+
</para>
56+
</listitem>
57+
4458
<listitem>
4559
<para>
4660
Reset OpenSSL randomness state in each postmaster child process
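
Review bot: "even if the request is eventually rejected" at new lines 53-54 carries the main risk information and leaves the precondition implicit. It suggests the damage is done before the server decides on the request, but the entry never states whether the requester needs valid credentials or only the ability to send a connection request. State that explicitly so administrators can judge the exposure of servers reachable from untrusted networks.
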
@@ -56,6 +70,20 @@
5670
</para>
5771
</listitem>
5872

73+
<listitem>
74+
<para>
75+
Make REPLICATION privilege checks test current user not authenticated
76+
user (Noah Misch)
77+
</para>
78+
79+
<para>
80+
An unprivileged database user could exploit this mistake to call
81+
<function>pg_start_backup()</> or <function>pg_stop_backup()</>,
82+
thus possibly interfering with creation of routine backups.
83+
(CVE-2013-1901)
84+
</para>
85+
</listitem>
86+
5987
<listitem>
6088
<para>
6189
Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when
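
Review bot: The summary at new lines 75-76, "test current user not authenticated user", is hard to parse without punctuation and can be read as "a user who is not authenticated". Suggest "test the current user, not the authenticated user". The description at new lines 80-83 would also benefit from one sentence on when the two identities differ, since that is the condition under which the check was wrong.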

doc/src/sgml/release-9.2.sgml

Lines changed: 28 additions & 0 deletions
@@ -41,6 +41,20 @@
4141

4242
<itemizedlist>
4343

44+
<listitem>
45+
<para>
46+
Fix insecure parsing of server command-line switches (Mitsumasa
47+
Kondo, Kyotaro Horiguchi)
48+
</para>
49+
50+
<para>
51+
A connection request containing a database name that begins with
52+
<quote><literal>-</></quote> could be crafted to damage or destroy
53+
files within the server's data directory, even if the request is
54+
eventually rejected. (CVE-2013-1899)
55+
</para>
56+
</listitem>
57+
4458
<listitem>
4559
<para>
4660
Reset OpenSSL randomness state in each postmaster child process
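
Review bot: "damage or destroy files within the server's data directory" at new lines 52-53 does not say what an operator should expect afterwards. Consider adding which kind of files are at risk and whether recovery means restoring from backup, so the entry can be used for incident assessment as well as for the upgrade decision.
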
@@ -56,6 +70,20 @@
5670
</para>
5771
</listitem>
5872

73+
<listitem>
74+
<para>
75+
Make REPLICATION privilege checks test current user not authenticated
76+
user (Noah Misch)
77+
</para>
78+
79+
<para>
80+
An unprivileged database user could exploit this mistake to call
81+
<function>pg_start_backup()</> or <function>pg_stop_backup()</>,
82+
thus possibly interfering with creation of routine backups.
83+
(CVE-2013-1901)
84+
</para>
85+
</listitem>
86+
5987
<listitem>
6088
<para>
6189
Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when
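
Review bot: The (CVE-2013-1901) entry at new lines 73-85 is added to release-9.1.sgml and release-9.2.sgml only, release-9.0.sgml receives just the CVE-2013-1899 entry, and the commit message names 8.4.17 although no 8.4 file is among the three changed. If that reflects which branches each issue affects, say so in the commit message; otherwise the missing entries look like an omission.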
