Commit 91d070c

Last-minute updates for release notes.
Security: CVE-2025-12817, CVE-2025-12818
1 parent 00eb646 commit 91d070c

1 file changed

+61
-0
lines changed

doc/src/sgml/release-18.sgml

Lines changed: 61 additions & 0 deletions
@@ -30,6 +30,67 @@
3030

3131
<listitem>
3232
<!--
33+
Author: Nathan Bossart <[email protected]>
34+
Branch: master [5e4fcbe53] 2025-11-10 09:00:00 -0600
35+
Branch: REL_18_STABLE [00eb646ea] 2025-11-10 09:00:00 -0600
36+
Branch: REL_17_STABLE [e2fb3dfa8] 2025-11-10 09:00:00 -0600
37+
Branch: REL_16_STABLE [d20abb587] 2025-11-10 09:00:00 -0600
38+
Branch: REL_15_STABLE [2393d374a] 2025-11-10 09:00:00 -0600
39+
Branch: REL_14_STABLE [95cce5669] 2025-11-10 09:00:00 -0600
40+
Branch: REL_13_STABLE [8a2530ebc] 2025-11-10 09:00:00 -0600
41+
-->
42+
<para>
43+
Check for <literal>CREATE</literal> privileges on the schema
44+
in <command>CREATE STATISTICS</command> (Jelte Fennema-Nio)
45+
<ulink url="&commit_baseurl;00eb646ea">&sect;</ulink>
46+
</para>
47+
48+
<para>
49+
This omission allowed table owners to create statistics in any
50+
schema, potentially leading to unexpected naming conflicts.
51+
</para>
52+
53+
<para>
54+
The <productname>PostgreSQL</productname> Project thanks
55+
Jelte Fennema-Nio for reporting this problem.
56+
(CVE-2025-12817)
57+
</para>
58+
</listitem>
59+
60+
<listitem>
61+
<!--
62+
Author: Jacob Champion <[email protected]>
63+
Branch: master [600086f47] 2025-11-10 06:20:33 -0800
64+
Branch: REL_18_STABLE [7eb8fcad8] 2025-11-10 06:03:01 -0800
65+
Branch: REL_17_STABLE [f5999f018] 2025-11-10 06:03:03 -0800
66+
Branch: REL_16_STABLE [585fd9b3c] 2025-11-10 06:03:04 -0800
67+
Branch: REL_15_STABLE [91421565f] 2025-11-10 06:03:05 -0800
68+
Branch: REL_14_STABLE [96d2c7e96] 2025-11-10 06:03:05 -0800
69+
Branch: REL_13_STABLE [d6f0c0d6d] 2025-11-10 06:03:06 -0800
70+
-->
71+
<para>
72+
Avoid integer overflow in allocation-size calculations
73+
within <application>libpq</application> (Jacob Champion)
74+
<ulink url="&commit_baseurl;7eb8fcad8">&sect;</ulink>
75+
</para>
76+
77+
<para>
78+
Several places in <application>libpq</application> were not
79+
sufficiently careful about computing the required size of a memory
80+
allocation. Sufficiently large inputs could cause integer overflow,
81+
resulting in an undersized buffer, which would then lead to writing
82+
past the end of the buffer.
83+
</para>
84+
85+
<para>
86+
The <productname>PostgreSQL</productname> Project thanks Aleksey
87+
Solovev of Positive Technologies for reporting this problem.
88+
(CVE-2025-12818)
89+
</para>
90+
</listitem>
91+
92+
<listitem>
93+
<!--
3394
Author: Amit Langote <[email protected]>
3495
Branch: master [ef5e60a9d] 2025-10-09 01:07:59 -0400
3596
Branch: REL_18_STABLE [dc9125111] 2025-10-09 01:07:52 -0400
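
Review bot: In the libpq entry (new lines 78-82), "Sufficiently large inputs" does not say where those inputs come from, so a reader cannot judge from the note alone which applications are exposed to the write past the end of the buffer; if it is known, name the source of the oversized input (data passed in by the application, data received over the connection, or both). The same paragraph uses "sufficiently" in two consecutive sentences ("not sufficiently careful", "Sufficiently large inputs"), and rewording one of them would read better. In the CREATE STATISTICS entry (new lines 49-50), "create statistics in any schema" could add "without having CREATE privilege on it", which ties the stated impact to the check named in the entry's first paragraph.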
