Last-minute updates for release notes.

Security: CVE-2021-23214, CVE-2021-23222

doc/src/sgml/release-14.sgml

@@ -25,7 +25,7 @@
    <para>
     However, note that installations using physical replication should
     update standby servers before the primary server, as explained in
-    the first changelog entry below.
+    the third changelog entry below.
    </para>
 
    <para>
@@ -43,6 +43,74 @@
 
     <listitem>
 <!--
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: master [28e241255] 2021-11-08 11:01:43 -0500
+Branch: REL_14_STABLE [9d5a76b8d] 2021-11-08 11:01:43 -0500
+Branch: REL_13_STABLE [e92ed93e8] 2021-11-08 11:01:43 -0500
+Branch: REL_12_STABLE [d1bd26740] 2021-11-08 11:01:43 -0500
+Branch: REL_11_STABLE [9394fb828] 2021-11-08 11:01:43 -0500
+Branch: REL_10_STABLE [9ae0f1112] 2021-11-08 11:01:43 -0500
+Branch: REL9_6_STABLE [046c2c846] 2021-11-08 11:01:43 -0500
+-->
+     <para>
+      Make the server reject extraneous data after an SSL or GSS
+      encryption handshake (Tom Lane)
+     </para>
+
+     <para>
+      A man-in-the-middle with the ability to inject data into the TCP
+      connection could stuff some cleartext data into the start of a
+      supposedly encryption-protected database session.
+      This could be abused to send faked SQL commands to the server,
+      although that would only work if the server did not demand any
+      authentication data.  (However, a server relying on SSL certificate
+      authentication might well not do so.)
+     </para>
+
+     <para>
+      The <productname>PostgreSQL</productname> Project thanks
+      Jacob Champion for reporting this problem.
+      (CVE-2021-23214)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: master [160c02588] 2021-11-08 11:14:56 -0500
+Branch: REL_14_STABLE [30547d791] 2021-11-08 11:14:56 -0500
+Branch: REL_13_STABLE [844b31692] 2021-11-08 11:14:56 -0500
+Branch: REL_12_STABLE [36bb95ef2] 2021-11-08 11:14:56 -0500
+Branch: REL_11_STABLE [a021a1d2a] 2021-11-08 11:14:56 -0500
+Branch: REL_10_STABLE [e65d9c8cd] 2021-11-08 11:14:56 -0500
+Branch: REL9_6_STABLE [d83cdfdca] 2021-11-08 11:14:57 -0500
+-->
+     <para>
+      Make <application>libpq</application> reject extraneous data after
+      an SSL or GSS encryption handshake (Tom Lane)
+     </para>
+
+     <para>
+      A man-in-the-middle with the ability to inject data into the TCP
+      connection could stuff some cleartext data into the start of a
+      supposedly encryption-protected database session.
+      This could probably be abused to inject faked responses to the
+      client's first few queries, although other details of libpq's
+      behavior make that harder than it sounds.  A different line of
+      attack is to exfiltrate the client's password, or other sensitive
+      data that might be sent early in the session.  That has been shown
+      to be possible with a server vulnerable to CVE-2021-23214.
+     </para>
+
+     <para>
+      The <productname>PostgreSQL</productname> Project thanks
+      Jacob Champion for reporting this problem.
+      (CVE-2021-23222)
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
 Author: Alvaro Herrera <alvherre@alvh.no-ip.org>
 Branch: master [ff9f111bc] 2021-09-29 11:21:51 -0300
 Branch: REL_14_STABLE [64a8687a6] 2021-09-29 11:41:01 -0300
@@ -338,6 +406,22 @@ Branch: REL9_6_STABLE [0de8f9bc8] 2021-10-06 13:24:22 +0100
 
     <listitem>
 <!--
+Author: David Rowley <drowley@postgresql.org>
+Branch: master [39a310567] 2021-11-08 14:40:33 +1300
+Branch: REL_14_STABLE [1f194ed6c] 2021-11-08 14:41:13 +1300
+-->
+     <para>
+      Avoid choosing the wrong hash equality operator for Memoize plans
+      (David Rowley)
+     </para>
+
+     <para>
+      This error could result in crashes or incorrect query results.
+     </para>
+    </listitem>
+
+    <listitem>
+<!--
 Author: Tom Lane <tgl@sss.pgh.pa.us>
 Branch: master [4d5f651f1] 2021-10-14 12:43:55 -0400
 Branch: REL_14_STABLE [fd059ac2e] 2021-10-14 12:43:43 -0400