From 89b661bab99e8573fad271f68755ba286932dec2 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 1 Apr 2013 14:11:11 -0400 Subject: [PATCH] Update release notes for 9.2.4, 9.1.9, 9.0.13, 8.4.17. Security: CVE-2013-1899, CVE-2013-1901 --- doc/src/sgml/release-9.0.sgml | 14 ++++++++++++++ doc/src/sgml/release-9.1.sgml | 28 ++++++++++++++++++++++++++++ doc/src/sgml/release-9.2.sgml | 28 ++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+) diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml index 8da5cc3e932..d68d5801d43 100644 --- a/doc/src/sgml/release-9.0.sgml +++ b/doc/src/sgml/release-9.0.sgml @@ -41,6 +41,20 @@ + + + Fix insecure parsing of server command-line switches (Mitsumasa + Kondo, Kyotaro Horiguchi) + + + + A connection request containing a database name that begins with + - could be crafted to damage or destroy + files within the server's data directory, even if the request is + eventually rejected. (CVE-2013-1899) + + + Reset OpenSSL randomness state in each postmaster child process diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml index 042cd1b6789..0af7f389ecc 100644 --- a/doc/src/sgml/release-9.1.sgml +++ b/doc/src/sgml/release-9.1.sgml @@ -41,6 +41,20 @@ + + + Fix insecure parsing of server command-line switches (Mitsumasa + Kondo, Kyotaro Horiguchi) + + + + A connection request containing a database name that begins with + - could be crafted to damage or destroy + files within the server's data directory, even if the request is + eventually rejected. (CVE-2013-1899) + + + Reset OpenSSL randomness state in each postmaster child process 
@@ -56,6 +70,20 @@ + + + Make REPLICATION privilege checks test current user not authenticated + user (Noah Misch) + + + + An unprivileged database user could exploit this mistake to call + pg_start_backup() or pg_stop_backup(), + thus possibly interfering with creation of routine backups. + (CVE-2013-1901) + + + Fix GiST indexes to not use fuzzy geometric comparisons when diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml index 73f1ca576f7..e7cd66240a6 100644 --- a/doc/src/sgml/release-9.2.sgml +++ b/doc/src/sgml/release-9.2.sgml @@ -41,6 +41,20 @@ + + + Fix insecure parsing of server command-line switches (Mitsumasa + Kondo, Kyotaro Horiguchi) + + + + A connection request containing a database name that begins with + - could be crafted to damage or destroy + files within the server's data directory, even if the request is + eventually rejected. (CVE-2013-1899) + + + Reset OpenSSL randomness state in each postmaster child process @@ -56,6 +70,20 @@ + + + Make REPLICATION privilege checks test current user not authenticated + user (Noah Misch) + + + + An unprivileged database user could exploit this mistake to call + pg_start_backup() or pg_stop_backup(), + thus possibly interfering with creation of routine backups. + (CVE-2013-1901) + + + Fix GiST indexes to not use fuzzy geometric comparisons when -- 2.39.5
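Review bot: In the CVE-2013-1899 entry added at @@ -41,6 +41,20 of release-9.0.sgml, release-9.1.sgml and release-9.2.sgml, the title speaks of "server command-line switches" while the body speaks of a database name in a connection request, and nothing in the entry ties the two together. Add a clause saying how a database name that begins with - relates to switch parsing. Also state outright that the request does not have to succeed: "even if the request is eventually rejected" only implies it. That way an administrator can tell from the entry alone that anyone able to send a connection request is in scope.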
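Review bot: The REPLICATION entry at @@ -56,6 +70,20 is added to release-9.1.sgml and release-9.2.sgml only, while release-9.0.sgml receives just the 14-line CVE-2013-1899 entry, and the commit message does not say why. If 9.0 is not affected by CVE-2013-1901, say so in the message; otherwise the entry is missing there. As a smaller style point, the title "Make REPLICATION privilege checks test current user not authenticated user" would parse more easily as "... test the current user, not the authenticated user".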
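Review bot: The subject line lists 8.4.17, but the diffstat covers only release-9.0.sgml, release-9.1.sgml and release-9.2.sgml, so nothing in this patch touches the 8.4 notes. Either include the release-8.4.sgml change here or note in the message that 8.4.17 needs no new entries from this update, so a reader checking the 8.4 branch against the two CVEs on the Security line is not left guessing.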