Skip to content

Commit ee953cd

Browse files
tglsfdctglsfdc
committed
Last-minute updates for release notes.
Security: CVE-2025-12817, CVE-2025-12818
1 parent 95cce56 commit ee953cd

File tree

1 file changed

+61
-0
lines changed

1 file changed

+61
-0
lines changed

doc/src/sgml/release-14.sgml

Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,67 @@
3535

3636
<listitem>
3737
<!--
38+
Author: Nathan Bossart <nathan@postgresql.org>
39+
Branch: master [5e4fcbe53] 2025-11-10 09:00:00 -0600
40+
Branch: REL_18_STABLE [00eb646ea] 2025-11-10 09:00:00 -0600
41+
Branch: REL_17_STABLE [e2fb3dfa8] 2025-11-10 09:00:00 -0600
42+
Branch: REL_16_STABLE [d20abb587] 2025-11-10 09:00:00 -0600
43+
Branch: REL_15_STABLE [2393d374a] 2025-11-10 09:00:00 -0600
44+
Branch: REL_14_STABLE [95cce5669] 2025-11-10 09:00:00 -0600
45+
Branch: REL_13_STABLE [8a2530ebc] 2025-11-10 09:00:00 -0600
46+
-->
47+
<para>
48+
Check for <literal>CREATE</literal> privileges on the schema
49+
in <command>CREATE STATISTICS</command> (Jelte Fennema-Nio)
50+
<ulink url="&commit_baseurl;95cce5669">&sect;</ulink>
51+
</para>
52+
53+
<para>
54+
This omission allowed table owners to create statistics in any
55+
schema, potentially leading to unexpected naming conflicts.
56+
</para>
57+
58+
<para>
59+
The <productname>PostgreSQL</productname> Project thanks
60+
Jelte Fennema-Nio for reporting this problem.
61+
(CVE-2025-12817)
62+
</para>
63+
</listitem>
64+
65+
<listitem>
66+
<!--
67+
Author: Jacob Champion <jchampion@postgresql.org>
68+
Branch: master [600086f47] 2025-11-10 06:20:33 -0800
69+
Branch: REL_18_STABLE [7eb8fcad8] 2025-11-10 06:03:01 -0800
70+
Branch: REL_17_STABLE [f5999f018] 2025-11-10 06:03:03 -0800
71+
Branch: REL_16_STABLE [585fd9b3c] 2025-11-10 06:03:04 -0800
72+
Branch: REL_15_STABLE [91421565f] 2025-11-10 06:03:05 -0800
73+
Branch: REL_14_STABLE [96d2c7e96] 2025-11-10 06:03:05 -0800
74+
Branch: REL_13_STABLE [d6f0c0d6d] 2025-11-10 06:03:06 -0800
75+
-->
76+
<para>
77+
Avoid integer overflow in allocation-size calculations
78+
within <application>libpq</application> (Jacob Champion)
79+
<ulink url="&commit_baseurl;96d2c7e96">&sect;</ulink>
80+
</para>
81+
82+
<para>
83+
Several places in <application>libpq</application> were not
84+
sufficiently careful about computing the required size of a memory
85+
allocation. Sufficiently large inputs could cause integer overflow,
86+
resulting in an undersized buffer, which would then lead to writing
87+
past the end of the buffer.
88+
</para>
89+
90+
<para>
91+
The <productname>PostgreSQL</productname> Project thanks Aleksey
92+
Solovev of Positive Technologies for reporting this problem.
93+
(CVE-2025-12818)
94+
</para>
95+
</listitem>
96+
97+
<listitem>
98+
<!--
3899
Author: Tom Lane <tgl@sss.pgh.pa.us>
39100
Branch: master [cdf7feb96] 2025-09-13 16:55:51 -0400
40101
Branch: REL_18_STABLE Release: REL_18_0 [802308693] 2025-09-13 16:55:51 -0400

0 commit comments

Comments
 (0)