Commit b2ce6070 authored Feb 23, 2012 by Tom Lane
Last-minute release note updates.
Security: CVE-2012-0866, CVE-2012-0867, CVE-2012-0868
parent 89e0bac8

Showing 4 changed files with 187 additions and 0 deletions

doc/src/sgml/release-8.3.sgml +30 -0
doc/src/sgml/release-8.4.sgml +50 -0
doc/src/sgml/release-9.0.sgml +50 -0
doc/src/sgml/release-9.1.sgml +57 -0
doc/src/sgml/release-8.3.sgml
...
@@ -34,6 +34,36 @@
...
@@ -34,6 +34,36 @@
<itemizedlist>
<itemizedlist>
<listitem>
<para>
Require execute permission on the trigger function for
<command>CREATE TRIGGER</> (Robert Haas)
</para>
<para>
This missing check could allow another user to execute a trigger
function with forged input data, by installing it on a table he owns.
This is only of significance for trigger functions marked
<literal>SECURITY DEFINER</>, since otherwise trigger functions run
as the table owner anyway. (CVE-2012-0866)
</para>
</listitem>
<listitem>
<para>
Convert newlines to spaces in names written in <application>pg_dump</>
comments (Robert Haas)
</para>
<para>
<application>pg_dump</> was incautious about sanitizing object names
that are emitted within SQL comments in its output script. A name
containing a newline would at least render the script syntactically
incorrect. Maliciously crafted object names could present a SQL
injection risk when the script is reloaded. (CVE-2012-0868)
</para>
</listitem>
<listitem>
<listitem>
<para>
<para>
Fix btree index corruption from insertions concurrent with vacuuming
Fix btree index corruption from insertions concurrent with vacuuming
...
...
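Review bot: The 8.3 list has no entry for CVE-2012-0867: it goes from the CREATE TRIGGER item straight to the pg_dump item, although the commit message names all three CVEs and the 8.4, 9.0 and 9.1 files each carry the SSL common-name item. If 8.3 is not affected, say so in the commit message so the omission reads as deliberate rather than as a dropped paragraph.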
doc/src/sgml/release-8.4.sgml
...
@@ -34,6 +34,56 @@
...
@@ -34,6 +34,56 @@
<itemizedlist>
<itemizedlist>
<listitem>
<para>
Require execute permission on the trigger function for
<command>CREATE TRIGGER</> (Robert Haas)
</para>
<para>
This missing check could allow another user to execute a trigger
function with forged input data, by installing it on a table he owns.
This is only of significance for trigger functions marked
<literal>SECURITY DEFINER</>, since otherwise trigger functions run
as the table owner anyway. (CVE-2012-0866)
</para>
</listitem>
<listitem>
<para>
Remove arbitrary limitation on length of common name in SSL
certificates (Heikki Linnakangas)
</para>
<para>
Both <application>libpq</> and the server truncated the common name
extracted from an SSL certificate at 32 bytes. Normally this would
cause nothing worse than an unexpected verification failure, but there
are some rather-implausible scenarios in which it might allow one
certificate holder to impersonate another. The victim would have to
have a common name exactly 32 bytes long, and the attacker would have
to persuade a trusted CA to issue a certificate in which the common
name has that string as a prefix. Impersonating a server would also
require some additional exploit to redirect client connections.
(CVE-2012-0867)
</para>
</listitem>
<listitem>
<para>
Convert newlines to spaces in names written in <application>pg_dump</>
comments (Robert Haas)
</para>
<para>
<application>pg_dump</> was incautious about sanitizing object names
that are emitted within SQL comments in its output script. A name
containing a newline would at least render the script syntactically
incorrect. Maliciously crafted object names could present a SQL
injection risk when the script is reloaded. (CVE-2012-0868)
</para>
</listitem>
<listitem>
<listitem>
<para>
<para>
Fix btree index corruption from insertions concurrent with vacuuming
Fix btree index corruption from insertions concurrent with vacuuming
...
...
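Review bot: The CVE-2012-0867 paragraph never says which checks consume the common name, so a reader cannot tell whether their configuration depends on the comparison that was being done on a truncated value. It states only that "Both libpq and the server truncated the common name extracted from an SSL certificate at 32 bytes"; suggest one clause naming where the common name is compared on the client side and on the server side. Minor style point: "rather-implausible" does not need the hyphen.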
doc/src/sgml/release-9.0.sgml
...
@@ -34,6 +34,56 @@
...
@@ -34,6 +34,56 @@
<itemizedlist>
<itemizedlist>
<listitem>
<para>
Require execute permission on the trigger function for
<command>CREATE TRIGGER</> (Robert Haas)
</para>
<para>
This missing check could allow another user to execute a trigger
function with forged input data, by installing it on a table he owns.
This is only of significance for trigger functions marked
<literal>SECURITY DEFINER</>, since otherwise trigger functions run
as the table owner anyway. (CVE-2012-0866)
</para>
</listitem>
<listitem>
<para>
Remove arbitrary limitation on length of common name in SSL
certificates (Heikki Linnakangas)
</para>
<para>
Both <application>libpq</> and the server truncated the common name
extracted from an SSL certificate at 32 bytes. Normally this would
cause nothing worse than an unexpected verification failure, but there
are some rather-implausible scenarios in which it might allow one
certificate holder to impersonate another. The victim would have to
have a common name exactly 32 bytes long, and the attacker would have
to persuade a trusted CA to issue a certificate in which the common
name has that string as a prefix. Impersonating a server would also
require some additional exploit to redirect client connections.
(CVE-2012-0867)
</para>
</listitem>
<listitem>
<para>
Convert newlines to spaces in names written in <application>pg_dump</>
comments (Robert Haas)
</para>
<para>
<application>pg_dump</> was incautious about sanitizing object names
that are emitted within SQL comments in its output script. A name
containing a newline would at least render the script syntactically
incorrect. Maliciously crafted object names could present a SQL
injection risk when the script is reloaded. (CVE-2012-0868)
</para>
</listitem>
<listitem>
<listitem>
<para>
<para>
Fix btree index corruption from insertions concurrent with vacuuming
Fix btree index corruption from insertions concurrent with vacuuming
...
...
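Review bot: The pg_dump item (CVE-2012-0868) is silent on dump scripts that were already written by an unfixed pg_dump; the change sanitizes names in newly produced output, so older scripts keep whatever the object names put into their comments. Suggest a closing sentence advising that such scripts be regenerated, or inspected before reloading, when object names may come from untrusted users. The title also says only "newlines"; if carriage returns are converted as well, the entry should say so.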
doc/src/sgml/release-9.1.sgml
...
@@ -34,6 +34,56 @@
...
@@ -34,6 +34,56 @@
<itemizedlist>
<itemizedlist>
<listitem>
<para>
Require execute permission on the trigger function for
<command>CREATE TRIGGER</> (Robert Haas)
</para>
<para>
This missing check could allow another user to execute a trigger
function with forged input data, by installing it on a table he owns.
This is only of significance for trigger functions marked
<literal>SECURITY DEFINER</>, since otherwise trigger functions run
as the table owner anyway. (CVE-2012-0866)
</para>
</listitem>
<listitem>
<para>
Remove arbitrary limitation on length of common name in SSL
certificates (Heikki Linnakangas)
</para>
<para>
Both <application>libpq</> and the server truncated the common name
extracted from an SSL certificate at 32 bytes. Normally this would
cause nothing worse than an unexpected verification failure, but there
are some rather-implausible scenarios in which it might allow one
certificate holder to impersonate another. The victim would have to
have a common name exactly 32 bytes long, and the attacker would have
to persuade a trusted CA to issue a certificate in which the common
name has that string as a prefix. Impersonating a server would also
require some additional exploit to redirect client connections.
(CVE-2012-0867)
</para>
</listitem>
<listitem>
<para>
Convert newlines to spaces in names written in <application>pg_dump</>
comments (Robert Haas)
</para>
<para>
<application>pg_dump</> was incautious about sanitizing object names
that are emitted within SQL comments in its output script. A name
containing a newline would at least render the script syntactically
incorrect. Maliciously crafted object names could present a SQL
injection risk when the script is reloaded. (CVE-2012-0868)
</para>
</listitem>
<listitem>
<listitem>
<para>
<para>
Fix btree index corruption from insertions concurrent with vacuuming
Fix btree index corruption from insertions concurrent with vacuuming
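Review bot: The CREATE TRIGGER item (CVE-2012-0866) does not say whether triggers installed before the update are affected; the title describes a permission check made at CREATE TRIGGER time, which leaves existing triggers unaddressed. Suggest a sentence telling administrators to review existing triggers that call SECURITY DEFINER functions owned by another role. Style point in the same paragraph: "a table he owns" could read "a table that user owns".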
...
@@ -576,6 +626,13 @@
...
@@ -576,6 +626,13 @@
</para>
</para>
</listitem>
</listitem>
<listitem>
<para>
Allow MinGW builds to use standardly-named OpenSSL libraries
(Tomasz Ostrowski)
</para>
</listitem>
</itemizedlist>
</itemizedlist>
</sect2>
</sect2>
...
...
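Review bot: The MinGW item has no connection to the three CVEs in the commit message and is added to release-9.1.sgml only, so it is easy to miss when reading the history. Suggest mentioning in the commit message that a non-security item is included, and confirming that no other branch needs it. The wording "standardly-named" is also awkward; "Allow MinGW builds to use OpenSSL libraries with their standard names" reads better.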