Add entries for security and not-quite-security issues.
Security: CVE-2015-5288, CVE-2015-5289
<itemizedlist>
+ <listitem>
+ <para>
+ Fix <filename>contrib/pgcrypto</> to detect and report
+ too-short <function>crypt()</> salts (Josh Kupershmidt)
+ </para>
+
+ <para>
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix subtransaction cleanup after a portal (cursor) belonging to an
</para>
</listitem>
+ <listitem>
+ <para>
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
+ <type>ltxtquery</> and <type>query_int</> (Noah Misch)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input
<itemizedlist>
+ <listitem>
+ <para>
+ Fix <filename>contrib/pgcrypto</> to detect and report
+ too-short <function>crypt()</> salts (Josh Kupershmidt)
+ </para>
+
+ <para>
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix subtransaction cleanup after a portal (cursor) belonging to an
</para>
</listitem>
+ <listitem>
+ <para>
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
+ <type>ltxtquery</> and <type>query_int</> (Noah Misch)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input
<itemizedlist>
+ <listitem>
+ <para>
+ Fix <filename>contrib/pgcrypto</> to detect and report
+ too-short <function>crypt()</> salts (Josh Kupershmidt)
+ </para>
+
+ <para>
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix subtransaction cleanup after a portal (cursor) belonging to an
</para>
</listitem>
+ <listitem>
+ <para>
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
+ <type>ltxtquery</> and <type>query_int</> (Noah Misch)
+ </para>
+ </listitem>
+
<listitem>
<para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input
projects / postgresql.git / commitdiff