From abeae11765ccc7edd9a6c825c1cb8c04346fadb4 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Fri, 2 Feb 2007 00:11:02 +0000 Subject: [PATCH] Update release notes for security-related releases in all active branches. Security: CVE-2007-0555, CVE-2007-0556 --- doc/src/sgml/release.sgml | 133 +++++++++++++++++++++++++++++++++++++- 1 file changed, 132 insertions(+), 1 deletion(-) diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml index 0db52297814..cc283d8e733 100644 --- a/doc/src/sgml/release.sgml +++ b/doc/src/sgml/release.sgml @@ -1,10 +1,79 @@ Release Notes + + Release 7.4.16 + + + Release date + 2007-02-05 + + + + This release contains a variety of fixes from 7.4.15, including + a security fix. + + + + Migration to version 7.4.16 + + + A dump/restore is not required for those running 7.4.X. However, + if you are upgrading from a version earlier than 7.4.11, see the release + notes for 7.4.11. + + + + + + Changes + + + + + + Remove security vulnerability that allowed connected users + to read backend memory (Tom) + + + The vulnerability involves suppressing the normal check that a SQL + function returns the data type it's declared to, or changing the + data type of a table column used in a SQL function (CVE-2007-0555). + This error can easily be exploited to cause a backend crash, and in + principle might be used to read database content that the user + should not be able to access. + + + + + + Fix rare bug wherein btree index page splits could fail + due to choosing an infeasible split point (Heikki Linnakangas) + + + + + + Fix for rare Assert() crash triggered by UNION (Tom) + + + + + + Tighten security of multi-byte character processing for UTF8 sequences + over three bytes long (Tom) + + + + + + + + Release 7.4.15 
@@ -3051,6 +3120,68 @@ DROP SCHEMA information_schema CASCADE; + + Release 7.3.18 + + + Release date + 2007-02-05 + + + + This release contains a variety of fixes from 7.3.17, including + a security fix. + + + + Migration to version 7.3.18 + + + A dump/restore is not required for those running 7.3.X. However, + if you are upgrading from a version earlier than 7.3.13, see the release + notes for 7.3.13. + + + + + + Changes + + + + + + Remove security vulnerability that allowed connected users + to read backend memory (Tom) + + + The vulnerability involves changing the + data type of a table column used in a SQL function (CVE-2007-0555). + This error can easily be exploited to cause a backend crash, and in + principle might be used to read database content that the user + should not be able to access. + + + + + + Fix rare bug wherein btree index page splits could fail + due to choosing an infeasible split point (Heikki Linnakangas) + + + + + + Tighten security of multi-byte character processing for UTF8 sequences + over three bytes long (Tom) + + + + + + + + Release 7.3.17 -- 2.39.5
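Review bot: In the 7.4.16 hunk, the vulnerability paragraph attributes two distinct triggers ("suppressing the normal check that a SQL function returns the data type it's declared to, or changing the data type of a table column used in a SQL function") to the single identifier CVE-2007-0555, while the commit message lists both CVE-2007-0555 and CVE-2007-0556. Either state which identifier covers which trigger, or say explicitly that the second one does not apply to this branch, so that administrators matching advisories to versions can tell what 7.4.16 closes. The release summary also says "a security fix" in the singular, although the Changes list carries a second security-related item ("Tighten security of multi-byte character processing for UTF8 sequences over three bytes long"); use "security fixes" or mark the UTF8 item as hardening.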
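Review bot: In the 7.3.18 hunk, the CVE-2007-0555 paragraph names only "changing the data type of a table column used in a SQL function", whereas the 7.4.16 entry in this same patch ties that CVE to a suppressed return-type check as well, and nothing tells the reader whether the difference is intentional. If the return-type-check variant cannot occur on 7.3.X, add a sentence saying so; if it can, the wording should match the 7.4.16 entry. Separately, the item title states that connected users could "read backend memory" as fact, while the body says the flaw "in principle might be used to read database content"; align the title with the body so the severity is not overstated or understated depending on which line a reader sees.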