Update release notes for security-related releases in all active branches.

Security: CVE-2007-0555, CVE-2007-0556

diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml
index e26e6bd87fb45758ea134dbb759b467aff05ac40..ae5354b03e75e42bfdecbb954a1ff5d83f489281 100644 (file)
--- a/doc/src/sgml/release.sgml
+++ b/doc/src/sgml/release.sgml
@@ -5,6 +5,68 @@ $Header$
 <appendix id="release">
  <title>Release Notes</title>
 
+  <sect1 id="release-7-3-18">
+   <title>Release 7.3.18</title>
+
+   <note>
+   <title>Release date</title>
+   <simpara>2007-02-05</simpara>
+   </note>
+
+   <para>
+    This release contains a variety of fixes from 7.3.17, including
+    a security fix.
+   </para>
+
+   <sect2>
+    <title>Migration to version 7.3.18</title>
+
+    <para>
+     A dump/restore is not required for those running 7.3.X.  However,
+     if you are upgrading from a version earlier than 7.3.13, see the release
+     notes for 7.3.13.
+    </para>
+
+   </sect2>
+
+   <sect2>
+    <title>Changes</title>
+
+    <itemizedlist>
+
+     <listitem>
+     <para>
+      Remove security vulnerability that allowed connected users
+      to read backend memory (Tom)
+     </para>
+     <para>
+      The vulnerability involves changing the
+      data type of a table column used in a SQL function (CVE-2007-0555).
+      This error can easily be exploited to cause a backend crash, and in
+      principle might be used to read database content that the user
+      should not be able to access.
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Fix rare bug wherein btree index page splits could fail
+      due to choosing an infeasible split point (Heikki Linnakangas)
+     </para>
+     </listitem>
+
+     <listitem>
+     <para>
+      Tighten security of multi-byte character processing for UTF8 sequences
+      over three bytes long (Tom)
+     </para>
+     </listitem>
+
+    </itemizedlist>
+
+   </sect2>
+  </sect1>
+
   <sect1 id="release-7-3-17">
    <title>Release 7.3.17</title>