Last-minute updates for release notes.

Security: CVE-2022-41862

diff --git a/doc/src/sgml/release-12.sgml b/doc/src/sgml/release-12.sgml
index 797a5011d86e44c10815bc35a538207813983f94..6a7a56e957d31cfbaa4ea4543fff68f0e95ffb52 100644 (file)
--- a/doc/src/sgml/release-12.sgml
+++ b/doc/src/sgml/release-12.sgml
@@ -35,6 +35,35 @@
 
     <listitem>
 <!--
+Author: Michael Paquier <michael@paquier.xyz>
+Branch: master [71c37797d] 2023-02-06 11:20:07 +0900
+Branch: REL_15_STABLE [715c345dd] 2023-02-06 11:20:20 +0900
+Branch: REL_14_STABLE [626f2c1d6] 2023-02-06 11:20:23 +0900
+Branch: REL_13_STABLE [45a945ee9] 2023-02-06 11:20:27 +0900
+Branch: REL_12_STABLE [3f7342671] 2023-02-06 11:20:31 +0900
+-->
+     <para>
+      <application>libpq</application> can leak memory contents after
+      GSSAPI transport encryption initiation fails (Jacob Champion)
+     </para>
+
+     <para>
+      A modified server, or an unauthenticated man-in-the-middle, can
+      send a not-zero-terminated error message during setup of GSSAPI
+      (Kerberos) transport encryption.  <application>libpq</application>
+      will then copy that string, as well as following bytes in
+      application memory up to the next zero byte, to its error report.
+      Depending on what the calling application does with the error
+      report, this could result in disclosure of application memory
+      contents.  There is also a small probability of a crash due to
+      reading beyond the end of memory.  Fix by properly zero-terminating
+      the server message.
+      (CVE-2022-41862)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
 Author: Tom Lane <tgl@sss.pgh.pa.us>
 Branch: master [c9f7f9264] 2023-01-21 13:10:29 -0500
 Branch: REL_15_STABLE [9e4288ce6] 2023-01-21 13:10:29 -0500