Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
P
Postgres FD Implementation
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Abuhujair Javed
Postgres FD Implementation
Commits
1eb5d43b
Commit
1eb5d43b
authored
Feb 05, 2018
by
Tom Lane
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Last-minute updates for release notes.
Security: CVE-2018-1052, CVE-2018-1053
parent
a926eb84
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
137 additions
and
0 deletions
+137
-0
doc/src/sgml/release-10.sgml
doc/src/sgml/release-10.sgml
+49
-0
doc/src/sgml/release-9.3.sgml
doc/src/sgml/release-9.3.sgml
+22
-0
doc/src/sgml/release-9.4.sgml
doc/src/sgml/release-9.4.sgml
+22
-0
doc/src/sgml/release-9.5.sgml
doc/src/sgml/release-9.5.sgml
+22
-0
doc/src/sgml/release-9.6.sgml
doc/src/sgml/release-9.6.sgml
+22
-0
No files found.
doc/src/sgml/release-10.sgml
View file @
1eb5d43b
...
...
@@ -41,6 +41,55 @@
<listitem>
<!--
Author: Tom Lane <tgl@sss.pgh.pa.us>
Branch: master [3492a0af0] 2018-02-05 10:37:30 -0500
Branch: REL_10_STABLE [fe921a360] 2018-02-05 10:37:30 -0500
-->
<para>
Fix processing of partition keys containing multiple expressions
(Álvaro Herrera, David Rowley)
</para>
<para>
This error led to crashes or, with carefully crafted input, disclosure
of arbitrary backend memory.
(CVE-2018-1052)
</para>
</listitem>
<listitem>
<!--
Author: Tom Lane <tgl@sss.pgh.pa.us>
Branch: master [a926eb84e] 2018-02-05 10:58:27 -0500
Branch: REL_10_STABLE [6ba52aeb2] 2018-02-05 10:58:27 -0500
Branch: REL9_6_STABLE [1341e017d] 2018-02-05 10:58:27 -0500
Branch: REL9_5_STABLE [17aa02368] 2018-02-05 10:58:27 -0500
Branch: REL9_4_STABLE [c3456208d] 2018-02-05 10:58:27 -0500
Branch: REL9_3_STABLE [9c59e48a2] 2018-02-05 10:58:27 -0500
-->
<para>
Ensure that all temporary files made
by <application>pg_upgrade</application> are non-world-readable
(Tom Lane, Noah Misch)
</para>
<para>
<application>pg_upgrade</application> normally restricts its
temporary files to be readable and writable only by the calling user.
But the temporary file containing <literal>pg_dumpall -g</literal>
output would be group- or world-readable, or even writable, if the
user's <literal>umask</literal> setting allows. In typical usage on
multi-user machines, the <literal>umask</literal> and/or the working
directory's permissions would be tight enough to prevent problems;
but there may be people using <application>pg_upgrade</application>
in scenarios where this oversight would permit disclosure of database
passwords to unfriendly eyes.
(CVE-2018-1053)
</para>
</listitem>
<listitem>
<!--
Author: Andres Freund <andres@anarazel.de>
Branch: master [9c2f0a6c3] 2017-12-14 18:20:47 -0800
Branch: REL_10_STABLE [1224383e8] 2017-12-14 18:20:48 -0800
...
...
doc/src/sgml/release-9.3.sgml
View file @
1eb5d43b
...
...
@@ -33,6 +33,28 @@
<itemizedlist>
<listitem>
<para>
Ensure that all temporary files made
by <application>pg_upgrade</application> are non-world-readable
(Tom Lane, Noah Misch)
</para>
<para>
<application>pg_upgrade</application> normally restricts its
temporary files to be readable and writable only by the calling user.
But the temporary file containing <literal>pg_dumpall -g</literal>
output would be group- or world-readable, or even writable, if the
user's <literal>umask</literal> setting allows. In typical usage on
multi-user machines, the <literal>umask</literal> and/or the working
directory's permissions would be tight enough to prevent problems;
but there may be people using <application>pg_upgrade</application>
in scenarios where this oversight would permit disclosure of database
passwords to unfriendly eyes.
(CVE-2018-1053)
</para>
</listitem>
<listitem>
<para>
Fix vacuuming of tuples that were updated while key-share locked
...
...
doc/src/sgml/release-9.4.sgml
View file @
1eb5d43b
...
...
@@ -33,6 +33,28 @@
<itemizedlist>
<listitem>
<para>
Ensure that all temporary files made
by <application>pg_upgrade</application> are non-world-readable
(Tom Lane, Noah Misch)
</para>
<para>
<application>pg_upgrade</application> normally restricts its
temporary files to be readable and writable only by the calling user.
But the temporary file containing <literal>pg_dumpall -g</literal>
output would be group- or world-readable, or even writable, if the
user's <literal>umask</literal> setting allows. In typical usage on
multi-user machines, the <literal>umask</literal> and/or the working
directory's permissions would be tight enough to prevent problems;
but there may be people using <application>pg_upgrade</application>
in scenarios where this oversight would permit disclosure of database
passwords to unfriendly eyes.
(CVE-2018-1053)
</para>
</listitem>
<listitem>
<para>
Fix vacuuming of tuples that were updated while key-share locked
...
...
doc/src/sgml/release-9.5.sgml
View file @
1eb5d43b
...
...
@@ -33,6 +33,28 @@
<itemizedlist>
<listitem>
<para>
Ensure that all temporary files made
by <application>pg_upgrade</application> are non-world-readable
(Tom Lane, Noah Misch)
</para>
<para>
<application>pg_upgrade</application> normally restricts its
temporary files to be readable and writable only by the calling user.
But the temporary file containing <literal>pg_dumpall -g</literal>
output would be group- or world-readable, or even writable, if the
user's <literal>umask</literal> setting allows. In typical usage on
multi-user machines, the <literal>umask</literal> and/or the working
directory's permissions would be tight enough to prevent problems;
but there may be people using <application>pg_upgrade</application>
in scenarios where this oversight would permit disclosure of database
passwords to unfriendly eyes.
(CVE-2018-1053)
</para>
</listitem>
<listitem>
<para>
Fix vacuuming of tuples that were updated while key-share locked
...
...
doc/src/sgml/release-9.6.sgml
View file @
1eb5d43b
...
...
@@ -39,6 +39,28 @@
<itemizedlist>
<listitem>
<para>
Ensure that all temporary files made
by <application>pg_upgrade</application> are non-world-readable
(Tom Lane, Noah Misch)
</para>
<para>
<application>pg_upgrade</application> normally restricts its
temporary files to be readable and writable only by the calling user.
But the temporary file containing <literal>pg_dumpall -g</literal>
output would be group- or world-readable, or even writable, if the
user's <literal>umask</literal> setting allows. In typical usage on
multi-user machines, the <literal>umask</literal> and/or the working
directory's permissions would be tight enough to prevent problems;
but there may be people using <application>pg_upgrade</application>
in scenarios where this oversight would permit disclosure of database
passwords to unfriendly eyes.
(CVE-2018-1053)
</para>
</listitem>
<listitem>
<para>
Fix vacuuming of tuples that were updated while key-share locked
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
