Last-minute updates for release notes.

Security: CVE-2023-5868, CVE-2023-5869, CVE-2023-5870

diff --git a/doc/src/sgml/release-16.sgml b/doc/src/sgml/release-16.sgml
index c8f8e1e2c9a0f09bf4d7c2bb253f8430eab588c3..c2f0a624465823d55451304e4ad156b015e21e53 100644 (file)
--- a/doc/src/sgml/release-16.sgml
+++ b/doc/src/sgml/release-16.sgml
@@ -27,7 +27,7 @@
     certain types of indexes yielding wrong search results or being
     unnecessarily inefficient.  It is advisable
     to REINDEX potentially-affected indexes after
-    installing this update.  See the first through fourth changelog
+    installing this update.  See the fourth through seventh changelog
     entries below.
    
   
@@ -39,6 +39,119 @@
 
     
 
+     
+      Fix handling of unknown-type arguments
+      in DISTINCT "any" aggregate
+      functions (Tom Lane)
+     
+
+     
+      This error led to a text-type value being interpreted
+      as an unknown-type value (that is, a zero-terminated
+      string) at runtime.  This could result in disclosure of server
+      memory following the text value.
+     
+
+     
+      The PostgreSQL Project thanks Jingzhou Fu
+      for reporting this problem.
+      (CVE-2023-5868)
+     
+    
+
+    
+
+     
+      Detect integer overflow while computing new array dimensions
+      (Tom Lane)
+     
+
+     
+      When assigning new elements to array subscripts that are outside the
+      current array bounds, an undetected integer overflow could occur in
+      edge cases.  Memory stomps that are potentially exploitable for
+      arbitrary code execution are possible, and so is disclosure of
+      server memory.
+     
+
+     
+      The PostgreSQL Project thanks Pedro
+      Gallegos for reporting this problem.
+      (CVE-2023-5869)
+     
+    
+
+    
+
+     
+      Prevent the pg_signal_backend role from
+      signalling background workers and autovacuum processes
+      (Noah Misch, Jelte Fennema-Nio)
+     
+
+     
+      The documentation says that pg_signal_backend
+      cannot issue signals to superuser-owned processes.  It was able to
+      signal these background processes, though, because they advertise a
+      role OID of zero.  Treat that as indicating superuser ownership.
+      The security implications of cancelling one of these process types
+      are fairly small so far as the core code goes (we'll just start
+      another one), but extensions might add background workers that are
+      more vulnerable.
+     
+
+     
+      Also ensure that the is_superuser parameter is
+      set correctly in such processes.  No specific security consequences
+      are known for that oversight, but it might be significant for some
+      extensions.
+     
+
+     
+      The PostgreSQL Project thanks
+      Hemanth Sandrana and Mahendrakar Srinivasarao
+      for reporting this problem.
+      (CVE-2023-5870)
+     
+    
+
+    
+