Last-minute updates for release notes.

Security: CVE-2017-12172, CVE-2017-15098, CVE-2017-15099

diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml
index f0283ad500f02a356e392b89cd4970428c495101..e1bfb2e2b223a356e6a39b555cdbb5f7a9381bde 100644 (file)
--- a/doc/src/sgml/release-9.2.sgml
+++ b/doc/src/sgml/release-9.2.sgml
@@ -40,6 +40,31 @@
 
    
 
+    
+     
+      Fix sample server-start scripts to become $PGUSER
+      before opening $PGLOG (Noah Misch)
+     
+
+     
+      Previously, the postmaster log file was opened while still running as
+      root.  The database owner could therefore mount an attack against
+      another system user by making $PGLOG be a symbolic
+      link to some other file, which would then become corrupted by appending
+      log messages.
+     
+
+     
+      By default, these scripts are not installed anywhere.  Users who have
+      made use of them will need to manually recopy them, or apply the same
+      changes to their modified versions.  If the
+      existing $PGLOG file is root-owned, it will need to
+      be removed or renamed out of the way before restarting the server with
+      the corrected script.
+      (CVE-2017-12172)
+     
+    
+
     
      
       Properly reject attempts to convert infinite float values to

diff --git a/doc/src/sgml/release-9.3.sgml b/doc/src/sgml/release-9.3.sgml
index 160da1ca8b9427f4734f83162e56c5e14f1d4c22..b198f85d802c29ee28e888781df79b6b3992ed0b 100644 (file)
--- a/doc/src/sgml/release-9.3.sgml
+++ b/doc/src/sgml/release-9.3.sgml
@@ -34,6 +34,48 @@
 
    
 
+    
+     
+      Fix crash due to rowtype mismatch
+      in json{b}_populate_recordset()
+      (Michael Paquier, Tom Lane)
+     
+
+     
+      These functions used the result rowtype specified in the FROM
+      ... AS clause without checking that it matched the actual
+      rowtype of the supplied tuple value.  If it didn't, that would usually
+      result in a crash, though disclosure of server memory contents seems
+      possible as well.
+      (CVE-2017-15098)
+     
+    
+
+    
+     
+      Fix sample server-start scripts to become $PGUSER
+      before opening $PGLOG (Noah Misch)
+     
+
+     
+      Previously, the postmaster log file was opened while still running as
+      root.  The database owner could therefore mount an attack against
+      another system user by making $PGLOG be a symbolic
+      link to some other file, which would then become corrupted by appending
+      log messages.
+     
+
+     
+      By default, these scripts are not installed anywhere.  Users who have
+      made use of them will need to manually recopy them, or apply the same
+      changes to their modified versions.  If the
+      existing $PGLOG file is root-owned, it will need to
+      be removed or renamed out of the way before restarting the server with
+      the corrected script.
+      (CVE-2017-12172)
+     
+    
+
     
      
       Properly reject attempts to convert infinite float values to