Last-minute updates for release notes.REL9_4_2

Revise description of CVE-2015-3166, in line with scaled-back patch. Change release date. Security: CVE-2015-3166
author: Tom Lane <tgl@sss.pgh.pa.us> 2015-05-19 18:33:58 -0400
committer: Tom Lane <tgl@sss.pgh.pa.us> 2015-05-19 18:33:58 -0400
commit: bd9c6dc9ab9de8f07647015af65d6d2cec0057e3 (patch)
tree: dd07443b3578dbf8840168d2dd31c72ed47df9a6
parent: 2eb2fcd56b76ff7aef03f7de772e7459997e61ad (diff)
download: postgresql-bd9c6dc9ab9de8f07647015af65d6d2cec0057e3.tar.gz
5 files changed, 87 insertions, 50 deletions
diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml
index a3d9461fa6..9794b5b3b7 100644
--- a/doc/src/sgml/release-9.0.sgml
+++ b/doc/src/sgml/release-9.0.sgml
@@ -6,7 +6,7 @@
 
   <note>
   <title>Release Date</title>
-  <simpara>2015-05-21</simpara>
+  <simpara>2015-05-22</simpara>
   </note>
 
   <para>
@@ -58,18 +58,24 @@
 
     <listitem>
      <para>
-      Consistently check for failure of the <function>*printf()</> family of
-      functions (Noah Misch)
+      Improve detection of system-call failures (Noah Misch)
      </para>
 
      <para>
-      Most calls of these functions did not consider the possibility that
-      the functions could fail with, eg, out-of-memory conditions.  The usual
-      result would just be missing output, but crashes or exposure of
-      unintended information are also possible.  To protect against such
-      risks uniformly, create wrappers around these functions that throw an
-      error on failure.  Also add missing error checks to a few
-      security-relevant calls of other system functions.
+      Our replacement implementation of <function>snprintf()</> failed to
+      check for errors reported by the underlying system library calls;
+      the main case that might be missed is out-of-memory situations.
+      In the worst case this might lead to information exposure, due to our
+      code assuming that a buffer had been overwritten when it hadn't been.
+      Also, there were a few places in which security-relevant calls of other
+      system library functions did not check for failure.
+     </para>
+
+     <para>
+      It remains possible that some calls of the <function>*printf()</>
+      family of functions are vulnerable to information disclosure if an
+      out-of-memory error occurs at just the wrong time.  We judge the risk
+      to not be large, but will continue analysis in this area.
       (CVE-2015-3166)
      </para>
     </listitem>
diff --git a/doc/src/sgml/release-9.1.sgml b/doc/src/sgml/release-9.1.sgml
index 82dde5e038..f6c0d13157 100644
--- a/doc/src/sgml/release-9.1.sgml
+++ b/doc/src/sgml/release-9.1.sgml
@@ -6,7 +6,7 @@
 
   <note>
   <title>Release Date</title>
-  <simpara>2015-05-21</simpara>
+  <simpara>2015-05-22</simpara>
   </note>
 
   <para>
@@ -58,18 +58,24 @@
 
     <listitem>
      <para>
-      Consistently check for failure of the <function>*printf()</> family of
-      functions (Noah Misch)
+      Improve detection of system-call failures (Noah Misch)
      </para>
 
      <para>
-      Most calls of these functions did not consider the possibility that
-      the functions could fail with, eg, out-of-memory conditions.  The usual
-      result would just be missing output, but crashes or exposure of
-      unintended information are also possible.  To protect against such
-      risks uniformly, create wrappers around these functions that throw an
-      error on failure.  Also add missing error checks to a few
-      security-relevant calls of other system functions.
+      Our replacement implementation of <function>snprintf()</> failed to
+      check for errors reported by the underlying system library calls;
+      the main case that might be missed is out-of-memory situations.
+      In the worst case this might lead to information exposure, due to our
+      code assuming that a buffer had been overwritten when it hadn't been.
+      Also, there were a few places in which security-relevant calls of other
+      system library functions did not check for failure.
+     </para>
+
+     <para>
+      It remains possible that some calls of the <function>*printf()</>
+      family of functions are vulnerable to information disclosure if an
+      out-of-memory error occurs at just the wrong time.  We judge the risk
+      to not be large, but will continue analysis in this area.
       (CVE-2015-3166)
      </para>
     </listitem>
diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml
index ff715efaa5..168a387d34 100644
--- a/doc/src/sgml/release-9.2.sgml
+++ b/doc/src/sgml/release-9.2.sgml
@@ -6,7 +6,7 @@
 
   <note>
   <title>Release Date</title>
-  <simpara>2015-05-21</simpara>
+  <simpara>2015-05-22</simpara>
   </note>
 
   <para>
@@ -58,18 +58,24 @@
 
     <listitem>
      <para>
-      Consistently check for failure of the <function>*printf()</> family of
-      functions (Noah Misch)
+      Improve detection of system-call failures (Noah Misch)
      </para>
 
      <para>
-      Most calls of these functions did not consider the possibility that
-      the functions could fail with, eg, out-of-memory conditions.  The usual
-      result would just be missing output, but crashes or exposure of
-      unintended information are also possible.  To protect against such
-      risks uniformly, create wrappers around these functions that throw an
-      error on failure.  Also add missing error checks to a few
-      security-relevant calls of other system functions.
+      Our replacement implementation of <function>snprintf()</> failed to
+      check for errors reported by the underlying system library calls;
+      the main case that might be missed is out-of-memory situations.
+      In the worst case this might lead to information exposure, due to our
+      code assuming that a buffer had been overwritten when it hadn't been.
+      Also, there were a few places in which security-relevant calls of other
+      system library functions did not check for failure.
+     </para>
+
+     <para>
+      It remains possible that some calls of the <function>*printf()</>
+      family of functions are vulnerable to information disclosure if an
+      out-of-memory error occurs at just the wrong time.  We judge the risk
+      to not be large, but will continue analysis in this area.
       (CVE-2015-3166)
      </para>
     </listitem>
diff --git a/doc/src/sgml/release-9.3.sgml b/doc/src/sgml/release-9.3.sgml
index 4c0d853543..38f3354bd8 100644
--- a/doc/src/sgml/release-9.3.sgml
+++ b/doc/src/sgml/release-9.3.sgml
@@ -6,7 +6,7 @@
 
   <note>
   <title>Release Date</title>
-  <simpara>2015-05-21</simpara>
+  <simpara>2015-05-22</simpara>
   </note>
 
   <para>
@@ -58,18 +58,24 @@
 
     <listitem>
      <para>
-      Consistently check for failure of the <function>*printf()</> family of
-      functions (Noah Misch)
+      Improve detection of system-call failures (Noah Misch)
      </para>
 
      <para>
-      Most calls of these functions did not consider the possibility that
-      the functions could fail with, eg, out-of-memory conditions.  The usual
-      result would just be missing output, but crashes or exposure of
-      unintended information are also possible.  To protect against such
-      risks uniformly, create wrappers around these functions that throw an
-      error on failure.  Also add missing error checks to a few
-      security-relevant calls of other system functions.
+      Our replacement implementation of <function>snprintf()</> failed to
+      check for errors reported by the underlying system library calls;
+      the main case that might be missed is out-of-memory situations.
+      In the worst case this might lead to information exposure, due to our
+      code assuming that a buffer had been overwritten when it hadn't been.
+      Also, there were a few places in which security-relevant calls of other
+      system library functions did not check for failure.
+     </para>
+
+     <para>
+      It remains possible that some calls of the <function>*printf()</>
+      family of functions are vulnerable to information disclosure if an
+      out-of-memory error occurs at just the wrong time.  We judge the risk
+      to not be large, but will continue analysis in this area.
       (CVE-2015-3166)
      </para>
     </listitem>
diff --git a/doc/src/sgml/release-9.4.sgml b/doc/src/sgml/release-9.4.sgml
index ec5dce4486..e9d1d29aa3 100644
--- a/doc/src/sgml/release-9.4.sgml
+++ b/doc/src/sgml/release-9.4.sgml
@@ -6,7 +6,7 @@
 
   <note>
   <title>Release Date</title>
-  <simpara>2015-05-21</simpara>
+  <simpara>2015-05-22</simpara>
   </note>
 
   <para>
@@ -87,22 +87,35 @@ Branch: REL9_3_STABLE [c669915fd] 2015-05-18 10:02:37 -0400
 Branch: REL9_2_STABLE [01272d95a] 2015-05-18 10:02:37 -0400
 Branch: REL9_1_STABLE [2cb9f2cab] 2015-05-18 10:02:38 -0400
 Branch: REL9_0_STABLE [9b5e831e3] 2015-05-18 10:02:38 -0400
+Author: Tom Lane <tgl@sss.pgh.pa.us>
+Branch: master [0c071936e] 2015-05-19 18:19:38 -0400
+Branch: REL9_4_STABLE [2eb2fcd56] 2015-05-19 18:16:19 -0400
+Branch: REL9_3_STABLE [13341276e] 2015-05-19 18:16:58 -0400
+Branch: REL9_2_STABLE [221f7a949] 2015-05-19 18:17:42 -0400
+Branch: REL9_1_STABLE [0510cff6e] 2015-05-19 18:18:16 -0400
+Branch: REL9_0_STABLE [cf893530a] 2015-05-19 18:18:56 -0400
 -->
 
     <listitem>
      <para>
-      Consistently check for failure of the <function>*printf()</> family of
-      functions (Noah Misch)
+      Improve detection of system-call failures (Noah Misch)
+     </para>
+
+     <para>
+      Our replacement implementation of <function>snprintf()</> failed to
+      check for errors reported by the underlying system library calls;
+      the main case that might be missed is out-of-memory situations.
+      In the worst case this might lead to information exposure, due to our
+      code assuming that a buffer had been overwritten when it hadn't been.
+      Also, there were a few places in which security-relevant calls of other
+      system library functions did not check for failure.
      </para>
 
      <para>
-      Most calls of these functions did not consider the possibility that
-      the functions could fail with, eg, out-of-memory conditions.  The usual
-      result would just be missing output, but crashes or exposure of
-      unintended information are also possible.  To protect against such
-      risks uniformly, create wrappers around these functions that throw an
-      error on failure.  Also add missing error checks to a few
-      security-relevant calls of other system functions.
+      It remains possible that some calls of the <function>*printf()</>
+      family of functions are vulnerable to information disclosure if an
+      out-of-memory error occurs at just the wrong time.  We judge the risk
+      to not be large, but will continue analysis in this area.
       (CVE-2015-3166)
      </para>
     </listitem>
author	Tom Lane <tgl@sss.pgh.pa.us>	2015-05-19 18:33:58 -0400
committer	Tom Lane <tgl@sss.pgh.pa.us>	2015-05-19 18:33:58 -0400
commit	bd9c6dc9ab9de8f07647015af65d6d2cec0057e3 (patch)
tree	dd07443b3578dbf8840168d2dd31c72ed47df9a6
parent	2eb2fcd56b76ff7aef03f7de772e7459997e61ad (diff)
download	postgresql-bd9c6dc9ab9de8f07647015af65d6d2cec0057e3.tar.gz