From da61f86011e8af49207a23156d10b323416c7f7e Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Thu, 27 Jan 2011 17:45:51 -0500
Subject: Update release notes.

Security: CVE-2010-4015
---
 doc/src/sgml/release-8.2.sgml | 13 +++++++++++++
 doc/src/sgml/release-8.3.sgml | 13 +++++++++++++
 2 files changed, 26 insertions(+)

(limited to 'doc/src')

diff --git a/doc/src/sgml/release-8.2.sgml b/doc/src/sgml/release-8.2.sgml
index dd82ee69d3a..2dd49d6a063 100644
--- a/doc/src/sgml/release-8.2.sgml
+++ b/doc/src/sgml/release-8.2.sgml
@@ -100,6 +100,19 @@
      </para>
     </listitem>
 
+    <listitem>
+     <para>
+      Fix buffer overrun in <filename>contrib/intarray</>'s input function
+      for the <type>query_int</> type (Apple)
+     </para>
+
+     <para>
+      This bug is a security risk since the function's return address could
+      be overwritten.  Thanks to Apple Inc's security team for reporting this
+      issue and supplying the fix.  (CVE-2010-4015)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix bug in <filename>contrib/seg</>'s GiST picksplit algorithm
diff --git a/doc/src/sgml/release-8.3.sgml b/doc/src/sgml/release-8.3.sgml
index 5d691a4183f..c0595ab5df0 100644
--- a/doc/src/sgml/release-8.3.sgml
+++ b/doc/src/sgml/release-8.3.sgml
@@ -100,6 +100,19 @@
      </para>
     </listitem>
 
+    <listitem>
+     <para>
+      Fix buffer overrun in <filename>contrib/intarray</>'s input function
+      for the <type>query_int</> type (Apple)
+     </para>
+
+     <para>
+      This bug is a security risk since the function's return address could
+      be overwritten.  Thanks to Apple Inc's security team for reporting this
+      issue and supplying the fix.  (CVE-2010-4015)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix bug in <filename>contrib/seg</>'s GiST picksplit algorithm
-- 
cgit v1.2.3