Add entries for security and not-quite-security issues.
Security: CVE-2015-5288, CVE-2015-5289
+
+ Fix contrib/pgcrypto> to detect and report
+ too-short crypt()> salts (Josh Kupershmidt)
+
+
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+
+
+
Fix subtransaction cleanup after a portal (cursor) belonging to an
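Review bot: The paragraph beginning "Certain invalid salt arguments crashed the server" describes the old failure but not the new behaviour a caller will see. The heading says the fix is to "detect and report" too-short salts, so the entry should say how that report surfaces (for example, that crypt() now raises an error for such a salt), so that applications passing hand-built salts know to expect it. It would also help to note whether salts produced by gen_salt() could ever trigger the problem.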
+
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, json>, jsonb>, tsquery>,
+ ltxtquery> and query_int> (Noah Misch)
+
+
+
Fix handling of DOW> and DOY> in datetime input
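Review bot: The "Guard against hard-to-reach stack overflows" entry has no explanatory paragraph, unlike the pgcrypto entry added earlier in this patch, so a reader cannot tell what the consequence is or why it carries no CVE. Suggest one sentence stating the effect of the overflow (presumably a server crash) and what kind of input or access is needed to reach it, which would also make "hard-to-reach" concrete.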
+
+ Fix contrib/pgcrypto> to detect and report
+ too-short crypt()> salts (Josh Kupershmidt)
+
+
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+
+
+
Fix subtransaction cleanup after a portal (cursor) belonging to an
+
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, json>, jsonb>, tsquery>,
+ ltxtquery> and query_int> (Noah Misch)
+
+
+
Fix handling of DOW> and DOY> in datetime input
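Review bot: The type list in "range types, json>, jsonb>, tsquery>," is word-for-word the list used in the previous copy of this entry. If this hunk targets the release notes of a different branch, check that every listed type actually exists in that branch and trim the list where it does not, so the note does not advertise a fix for a type that release lacks.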
+
+ Fix contrib/pgcrypto> to detect and report
+ too-short crypt()> salts (Josh Kupershmidt)
+
+
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+
+
+
Fix subtransaction cleanup after a portal (cursor) belonging to an
+
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, json>, jsonb>, tsquery>,
+ ltxtquery> and query_int> (Noah Misch)
+
+
+
Fix handling of DOW> and DOY> in datetime input
+
+ Guard against stack overflows in json> parsing
+ (Oskari Saarenmaa)
+
+
+ If an application constructs PostgreSQL json>
+ or jsonb> values from arbitrary user input, the application's
+ users can reliably crash the PostgreSQL server, causing momentary
+ denial of service. (CVE-2015-5289)
+
+
+
+
+ Fix contrib/pgcrypto> to detect and report
+ too-short crypt()> salts (Josh Kupershmidt)
+
+
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+
+
+
Fix subtransaction cleanup after a portal (cursor) belonging to an
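Review bot: The heading "Guard against stack overflows in json> parsing" names only json, while the paragraph below it says the crash is reachable through "json> or jsonb> values". Make the two agree, either by naming both types in the heading or by limiting the paragraph to the types this release ships. The word "momentary" also deserves a short qualification, since the same paragraph says users can crash the server "reliably" and can therefore repeat it.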
+
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, json>, jsonb>, tsquery>,
+ ltxtquery> and query_int> (Noah Misch)
+
+
+
Fix handling of DOW> and DOY> in datetime input
+
+
+
+ Guard against stack overflows in json> parsing
+ (Oskari Saarenmaa)
+
+
+ If an application constructs PostgreSQL json>
+ or jsonb> values from arbitrary user input, the application's
+ users can reliably crash the PostgreSQL server, causing momentary
+ denial of service. (CVE-2015-5289)
+
+
+
+
+
+
+ Fix contrib/pgcrypto> to detect and report
+ too-short crypt()> salts (Josh Kupershmidt)
+
+
+ Certain invalid salt arguments crashed the server or disclosed a few
+ bytes of server memory. We have not ruled out the viability of
+ attacks that arrange for presence of confidential information in the
+ disclosed bytes, but they seem unlikely. (CVE-2015-5288)
+
+
+
+
+
+
+ Guard against hard-to-reach stack overflows involving record types,
+ range types, json>, jsonb>, tsquery>,
+ ltxtquery> and query_int> (Noah Misch)
+
+
+