
Commit fa3ddd2

Last-minute updates for release notes.
Security: CVE-2025-1094
1 parent f9fceef commit fa3ddd2

1 file changed

+97
-0
lines changed

doc/src/sgml/release-13.sgml

@@ -41,6 +41,103 @@
4141

4242
<listitem>
4343
<!--
44+
Author: Andres Freund <andres@anarazel.de>
45+
Branch: master [5dc1e42b4] 2025-02-10 10:03:37 -0500
46+
Branch: REL_17_STABLE [43a77239d] 2025-02-10 10:03:38 -0500
47+
Branch: REL_16_STABLE [92e4170f4] 2025-02-10 10:03:39 -0500
48+
Branch: REL_15_STABLE [370c94d4c] 2025-02-10 10:03:39 -0500
49+
Branch: REL_14_STABLE [e0ef3d776] 2025-02-10 10:03:40 -0500
50+
Branch: REL_13_STABLE [c906bfe1b] 2025-02-10 10:03:40 -0500
51+
Branch: master [4dc289635] 2025-02-10 10:03:37 -0500
52+
Branch: REL_17_STABLE [7d43ca6fe] 2025-02-10 10:03:38 -0500
53+
Branch: REL_16_STABLE [6e05b195d] 2025-02-10 10:03:39 -0500
54+
Branch: REL_15_STABLE [703b3fd5d] 2025-02-10 10:03:39 -0500
55+
Branch: REL_14_STABLE [5bc33cbea] 2025-02-10 10:03:40 -0500
56+
Branch: REL_13_STABLE [db3eb0e82] 2025-02-10 10:03:40 -0500
57+
Branch: master [3e98c8ce5] 2025-02-10 10:03:37 -0500
58+
Branch: REL_17_STABLE [61ad93cdd] 2025-02-10 10:03:38 -0500
59+
Branch: REL_16_STABLE [56aa2dcdd] 2025-02-10 10:03:39 -0500
60+
Branch: REL_15_STABLE [b1756da75] 2025-02-10 10:03:39 -0500
61+
Branch: REL_14_STABLE [2ae54ae17] 2025-02-10 10:03:40 -0500
62+
Branch: REL_13_STABLE [5df4e1632] 2025-02-10 10:03:40 -0500
63+
Branch: master [ac00ff1c9] 2025-02-10 10:03:37 -0500
64+
Branch: REL_17_STABLE [02d4d87ac] 2025-02-10 10:03:38 -0500
65+
Branch: REL_16_STABLE [01784793f] 2025-02-10 10:03:39 -0500
66+
Branch: REL_15_STABLE [de4b92f33] 2025-02-10 10:03:39 -0500
67+
Branch: REL_14_STABLE [46ddf98df] 2025-02-10 10:03:40 -0500
68+
Branch: REL_13_STABLE [4ea3f5ef3] 2025-02-10 10:03:40 -0500
69+
Branch: master [979205e47] 2025-02-10 12:12:14 -0500
70+
Branch: REL_17_STABLE [05abb0f83] 2025-02-10 12:12:53 -0500
71+
Branch: REL_16_STABLE [41343f840] 2025-02-10 12:12:56 -0500
72+
Branch: REL_15_STABLE [a085fa731] 2025-02-10 12:12:58 -0500
73+
Branch: REL_14_STABLE [4a6825c76] 2025-02-10 12:12:59 -0500
74+
Branch: REL_13_STABLE [7beb2af5e] 2025-02-10 12:13:02 -0500
75+
Branch: REL_13_STABLE [00f1a1f66] 2025-02-10 10:03:40 -0500
76+
Author: Tom Lane <tgl@sss.pgh.pa.us>
77+
Branch: master [5bf12323b] 2025-02-10 16:30:03 -0500
78+
Branch: REL_17_STABLE [85c1fcc65] 2025-02-10 16:30:31 -0500
79+
Branch: REL_16_STABLE [0075a5c6c] 2025-02-10 16:30:37 -0500
80+
Branch: REL_15_STABLE [9862de917] 2025-02-10 16:30:54 -0500
81+
Branch: REL_14_STABLE [e1f1b030d] 2025-02-10 16:31:01 -0500
82+
Branch: REL_13_STABLE [f9fceef6e] 2025-02-10 16:31:09 -0500
83+
-->
84+
<para>
85+
Harden <function>PQescapeString</function> and allied functions
86+
against invalidly-encoded input strings (Andres Freund, Noah Misch)
87+
<ulink url="&commit_baseurl;c906bfe1b">&sect;</ulink>
88+
<ulink url="&commit_baseurl;db3eb0e82">&sect;</ulink>
89+
<ulink url="&commit_baseurl;5df4e1632">&sect;</ulink>
90+
<ulink url="&commit_baseurl;4ea3f5ef3">&sect;</ulink>
91+
<ulink url="&commit_baseurl;7beb2af5e">&sect;</ulink>
92+
<ulink url="&commit_baseurl;00f1a1f66">&sect;</ulink>
93+
<ulink url="&commit_baseurl;f9fceef6e">&sect;</ulink>
94+
</para>
95+
96+
<para>
97+
Data-quoting functions supplied by <application>libpq</application>
98+
now fully check the encoding validity of their input. If invalid
99+
characters are detected, they report an error if possible. For the
100+
ones that lack an error return convention, the output string is
101+
adjusted to ensure that the server will report invalid encoding and
102+
no intervening processing will be fooled by bytes that might happen
103+
to match single quote, backslash, etc.
104+
</para>
105+
106+
<para>
107+
The purpose of this change is to guard against SQL-injection attacks
108+
that are possible if one of these functions is used to quote crafted
109+
input. There is no hazard when the resulting string is sent
110+
directly to a <productname>PostgreSQL</productname> server (which
111+
would check its encoding anyway), but there is a risk when it is
112+
passed through <application>psql</application> or other client-side
113+
code. Historically such code has not carefully vetted encoding, and
114+
in many cases it's not clear what it should do if it did detect such
115+
a problem.
116+
</para>
117+
118+
<para>
119+
This fix is effective only if the data-quoting function, the server,
120+
and any intermediate processing agree on the character encoding
121+
that's being used. Applications that insert untrusted input into
122+
SQL commands should take special care to ensure that that's true.
123+
</para>
124+
125+
<para>
126+
Applications and drivers that quote untrusted input without using
127+
these <application>libpq</application> functions may be at risk of
128+
similar problems. They should first confirm the data is valid in
129+
the encoding expected by the server.
130+
</para>
131+
132+
<para>
133+
The <productname>PostgreSQL</productname> Project thanks
134+
Stephen Fewer for reporting this problem.
135+
(CVE-2025-1094)
136+
</para>
137+
</listitem>
138+
139+
<listitem>
140+
<!--
44141
Author: Tom Lane <tgl@sss.pgh.pa.us>
45142
Branch: master [34486b609] 2024-12-28 16:08:50 -0500
46143
Branch: REL_17_STABLE [15b4c46c3] 2024-12-28 16:08:50 -0500
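Review bot: the first added <para> hardens "<function>PQescapeString</function> and allied functions" without naming the allied functions, so a reader of this CVE-2025-1094 entry cannot tell which libpq quoting entry points are covered; suggest listing them explicitly in that <para> with <function> tags, as is already done for PQescapeString, or cross-referencing the libpq section that documents them. Smaller wording point in the fourth added <para>: "should take special care to ensure that that's true" doubles "that"; "ensure that this is the case" reads cleanly and keeps the meaning.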
