NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitb2ce607

committed

Last-minute release note updates.

Security:CVE-2012-0866,CVE-2012-0867,CVE-2012-0868

1 parent89e0bac commitb2ce607Copy full SHA for b2ce607

File tree

4 files changed

+187

-0

lines changed

doc/src/sgml

4 files changed

+187

-0

lines changed

`‎doc/src/sgml/release-8.3.sgml`

Lines changed: 30 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,36 @@`
`34`	`34`
`35`	`35`	`<itemizedlist>`
`36`	`36`
	`37`	`+ <listitem>`
	`38`	`+ <para>`
	`39`	`+ Require execute permission on the trigger function for`
	`40`	`+ <command>CREATE TRIGGER</> (Robert Haas)`
	`41`	`+ </para>`
	`42`	`+`
	`43`	`+ <para>`
	`44`	`+ This missing check could allow another user to execute a trigger`
	`45`	`+ function with forged input data, by installing it on a table he owns.`
	`46`	`+ This is only of significance for trigger functions marked`
	`47`	`+ <literal>SECURITY DEFINER</>, since otherwise trigger functions run`
	`48`	`+ as the table owner anyway. (CVE-2012-0866)`
	`49`	`+ </para>`
	`50`	`+ </listitem>`
	`51`	`+`
	`52`	`+ <listitem>`
	`53`	`+ <para>`
	`54`	`+ Convert newlines to spaces in names written in <application>pg_dump</>`
	`55`	`+ comments (Robert Haas)`
	`56`	`+ </para>`
	`57`	`+`
	`58`	`+ <para>`
	`59`	`+ <application>pg_dump</> was incautious about sanitizing object names`
	`60`	`+ that are emitted within SQL comments in its output script. A name`
	`61`	`+ containing a newline would at least render the script syntactically`
	`62`	`+ incorrect. Maliciously crafted object names could present a SQL`
	`63`	`+ injection risk when the script is reloaded. (CVE-2012-0868)`
	`64`	`+ </para>`
	`65`	`+ </listitem>`
	`66`	`+`
`37`	`67`	`<listitem>`
`38`	`68`	`<para>`
`39`	`69`	`Fix btree index corruption from insertions concurrent with vacuuming`

`‎doc/src/sgml/release-8.4.sgml`

Lines changed: 50 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,56 @@`
`34`	`34`
`35`	`35`	`<itemizedlist>`
`36`	`36`
	`37`	`+ <listitem>`
	`38`	`+ <para>`
	`39`	`+ Require execute permission on the trigger function for`
	`40`	`+ <command>CREATE TRIGGER</> (Robert Haas)`
	`41`	`+ </para>`
	`42`	`+`
	`43`	`+ <para>`
	`44`	`+ This missing check could allow another user to execute a trigger`
	`45`	`+ function with forged input data, by installing it on a table he owns.`
	`46`	`+ This is only of significance for trigger functions marked`
	`47`	`+ <literal>SECURITY DEFINER</>, since otherwise trigger functions run`
	`48`	`+ as the table owner anyway. (CVE-2012-0866)`
	`49`	`+ </para>`
	`50`	`+ </listitem>`
	`51`	`+`
	`52`	`+ <listitem>`
	`53`	`+ <para>`
	`54`	`+ Remove arbitrary limitation on length of common name in SSL`
	`55`	`+ certificates (Heikki Linnakangas)`
	`56`	`+ </para>`
	`57`	`+`
	`58`	`+ <para>`
	`59`	`+ Both <application>libpq</> and the server truncated the common name`
	`60`	`+ extracted from an SSL certificate at 32 bytes. Normally this would`
	`61`	`+ cause nothing worse than an unexpected verification failure, but there`
	`62`	`+ are some rather-implausible scenarios in which it might allow one`
	`63`	`+ certificate holder to impersonate another. The victim would have to`
	`64`	`+ have a common name exactly 32 bytes long, and the attacker would have`
	`65`	`+ to persuade a trusted CA to issue a certificate in which the common`
	`66`	`+ name has that string as a prefix. Impersonating a server would also`
	`67`	`+ require some additional exploit to redirect client connections.`
	`68`	`+ (CVE-2012-0867)`
	`69`	`+ </para>`
	`70`	`+ </listitem>`
	`71`	`+`
	`72`	`+ <listitem>`
	`73`	`+ <para>`
	`74`	`+ Convert newlines to spaces in names written in <application>pg_dump</>`
	`75`	`+ comments (Robert Haas)`
	`76`	`+ </para>`
	`77`	`+`
	`78`	`+ <para>`
	`79`	`+ <application>pg_dump</> was incautious about sanitizing object names`
	`80`	`+ that are emitted within SQL comments in its output script. A name`
	`81`	`+ containing a newline would at least render the script syntactically`
	`82`	`+ incorrect. Maliciously crafted object names could present a SQL`
	`83`	`+ injection risk when the script is reloaded. (CVE-2012-0868)`
	`84`	`+ </para>`
	`85`	`+ </listitem>`
	`86`	`+`
`37`	`87`	`<listitem>`
`38`	`88`	`<para>`
`39`	`89`	`Fix btree index corruption from insertions concurrent with vacuuming`

`‎doc/src/sgml/release-9.0.sgml`

Lines changed: 50 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,56 @@`
`34`	`34`
`35`	`35`	`<itemizedlist>`
`36`	`36`
	`37`	`+ <listitem>`
	`38`	`+ <para>`
	`39`	`+ Require execute permission on the trigger function for`
	`40`	`+ <command>CREATE TRIGGER</> (Robert Haas)`
	`41`	`+ </para>`
	`42`	`+`
	`43`	`+ <para>`
	`44`	`+ This missing check could allow another user to execute a trigger`
	`45`	`+ function with forged input data, by installing it on a table he owns.`
	`46`	`+ This is only of significance for trigger functions marked`
	`47`	`+ <literal>SECURITY DEFINER</>, since otherwise trigger functions run`
	`48`	`+ as the table owner anyway. (CVE-2012-0866)`
	`49`	`+ </para>`
	`50`	`+ </listitem>`
	`51`	`+`
	`52`	`+ <listitem>`
	`53`	`+ <para>`
	`54`	`+ Remove arbitrary limitation on length of common name in SSL`
	`55`	`+ certificates (Heikki Linnakangas)`
	`56`	`+ </para>`
	`57`	`+`
	`58`	`+ <para>`
	`59`	`+ Both <application>libpq</> and the server truncated the common name`
	`60`	`+ extracted from an SSL certificate at 32 bytes. Normally this would`
	`61`	`+ cause nothing worse than an unexpected verification failure, but there`
	`62`	`+ are some rather-implausible scenarios in which it might allow one`
	`63`	`+ certificate holder to impersonate another. The victim would have to`
	`64`	`+ have a common name exactly 32 bytes long, and the attacker would have`
	`65`	`+ to persuade a trusted CA to issue a certificate in which the common`
	`66`	`+ name has that string as a prefix. Impersonating a server would also`
	`67`	`+ require some additional exploit to redirect client connections.`
	`68`	`+ (CVE-2012-0867)`
	`69`	`+ </para>`
	`70`	`+ </listitem>`
	`71`	`+`
	`72`	`+ <listitem>`
	`73`	`+ <para>`
	`74`	`+ Convert newlines to spaces in names written in <application>pg_dump</>`
	`75`	`+ comments (Robert Haas)`
	`76`	`+ </para>`
	`77`	`+`
	`78`	`+ <para>`
	`79`	`+ <application>pg_dump</> was incautious about sanitizing object names`
	`80`	`+ that are emitted within SQL comments in its output script. A name`
	`81`	`+ containing a newline would at least render the script syntactically`
	`82`	`+ incorrect. Maliciously crafted object names could present a SQL`
	`83`	`+ injection risk when the script is reloaded. (CVE-2012-0868)`
	`84`	`+ </para>`
	`85`	`+ </listitem>`
	`86`	`+`
`37`	`87`	`<listitem>`
`38`	`88`	`<para>`
`39`	`89`	`Fix btree index corruption from insertions concurrent with vacuuming`

`‎doc/src/sgml/release-9.1.sgml`

Lines changed: 57 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,56 @@`
`34`	`34`
`35`	`35`	`<itemizedlist>`
`36`	`36`
	`37`	`+ <listitem>`
	`38`	`+ <para>`
	`39`	`+ Require execute permission on the trigger function for`
	`40`	`+ <command>CREATE TRIGGER</> (Robert Haas)`
	`41`	`+ </para>`
	`42`	`+`
	`43`	`+ <para>`
	`44`	`+ This missing check could allow another user to execute a trigger`
	`45`	`+ function with forged input data, by installing it on a table he owns.`
	`46`	`+ This is only of significance for trigger functions marked`
	`47`	`+ <literal>SECURITY DEFINER</>, since otherwise trigger functions run`
	`48`	`+ as the table owner anyway. (CVE-2012-0866)`
	`49`	`+ </para>`
	`50`	`+ </listitem>`
	`51`	`+`
	`52`	`+ <listitem>`
	`53`	`+ <para>`
	`54`	`+ Remove arbitrary limitation on length of common name in SSL`
	`55`	`+ certificates (Heikki Linnakangas)`
	`56`	`+ </para>`
	`57`	`+`
	`58`	`+ <para>`
	`59`	`+ Both <application>libpq</> and the server truncated the common name`
	`60`	`+ extracted from an SSL certificate at 32 bytes. Normally this would`
	`61`	`+ cause nothing worse than an unexpected verification failure, but there`
	`62`	`+ are some rather-implausible scenarios in which it might allow one`
	`63`	`+ certificate holder to impersonate another. The victim would have to`
	`64`	`+ have a common name exactly 32 bytes long, and the attacker would have`
	`65`	`+ to persuade a trusted CA to issue a certificate in which the common`
	`66`	`+ name has that string as a prefix. Impersonating a server would also`
	`67`	`+ require some additional exploit to redirect client connections.`
	`68`	`+ (CVE-2012-0867)`
	`69`	`+ </para>`
	`70`	`+ </listitem>`
	`71`	`+`
	`72`	`+ <listitem>`
	`73`	`+ <para>`
	`74`	`+ Convert newlines to spaces in names written in <application>pg_dump</>`
	`75`	`+ comments (Robert Haas)`
	`76`	`+ </para>`
	`77`	`+`
	`78`	`+ <para>`
	`79`	`+ <application>pg_dump</> was incautious about sanitizing object names`
	`80`	`+ that are emitted within SQL comments in its output script. A name`
	`81`	`+ containing a newline would at least render the script syntactically`
	`82`	`+ incorrect. Maliciously crafted object names could present a SQL`
	`83`	`+ injection risk when the script is reloaded. (CVE-2012-0868)`
	`84`	`+ </para>`
	`85`	`+ </listitem>`
	`86`	`+`
`37`	`87`	`<listitem>`
`38`	`88`	`<para>`
`39`	`89`	`Fix btree index corruption from insertions concurrent with vacuuming`
`@@ -576,6 +626,13 @@`
`576`	`626`	`</para>`
`577`	`627`	`</listitem>`
`578`	`628`
	`629`	`+ <listitem>`
	`630`	`+ <para>`
	`631`	`+ Allow MinGW builds to use standardly-named OpenSSL libraries`
	`632`	`+ (Tomasz Ostrowski)`
	`633`	`+ </para>`
	`634`	`+ </listitem>`
	`635`	`+`
`579`	`636`	`</itemizedlist>`
`580`	`637`
`581`	`638`	`</sect2>`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb2ce607

File tree

4 files changed

4 files changed

`‎doc/src/sgml/release-8.3.sgml`

`‎doc/src/sgml/release-8.4.sgml`

`‎doc/src/sgml/release-9.0.sgml`

`‎doc/src/sgml/release-9.1.sgml`

0 commit comments