Revisions to the 2023-02-09 security release

Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>

diff --git a/update_releases/current/20230209securityrelease.md b/update_releases/current/20230209securityrelease.md
index daf5758b48db09f592bb89a5f491248305376769..a27a9fca84b52f6697666c365d75e9941066b9d8 100644 (file)
--- a/update_releases/current/20230209securityrelease.md
+++ b/update_releases/current/20230209securityrelease.md
@@ -13,10 +13,11 @@ Security Issues
 
 Versions Affected: 12 - 15.
 
-A modified, unauthenticated server can send an unterminated string during the
-establishment of Kerberos transport encryption.  When a `libpq` client
-application has a Kerberos credential cache and doesn't explicitly disable
-option [`gssencmode`](https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNECT-GSSENCMODE),
+A modified, unauthenticated server or an unauthenticated man-in-the-middle can
+send an unterminated string during the establishment of Kerberos transport
+encryption.  When a `libpq` client application has a Kerberos credential cache
+and doesn't explicitly disable option
+[`gssencmode`](https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNECT-GSSENCMODE),
 a server can cause `libpq` to over-read and report an error message containing
 uninitialized bytes from and following its receive buffer. If `libpq`'s caller
 somehow makes that message accessible to the attacker, this achieves a
@@ -43,7 +44,7 @@ table or the child generated column has different dependencies than the parent.
 command.
 * Allow a
 [`WITH RECURSIVE ... CYCLE`](https://www.postgresql.org/docs/current/queries-with.html#QUERIES-WITH-CYCLE)
-query to access its output column.
+query to access its `SET` output column.
 * Fix an issue with bulk insertions on foreign tables that could lead to logical
 inconsistencies, for example, a `BEFORE ROW` trigger may not process rows that
 should be available.
@@ -51,10 +52,11 @@ should be available.
 [`jsonpath`](https://www.postgresql.org/docs/current/functions-json.html#FUNCTIONS-SQLJSON-PATH)
 existence checks.
 * Fix for [`jsonb` subscripting](https://www.postgresql.org/docs/current/datatype-json.html#JSONB-SUBSCRIPTING)
-to handle very large subscript values.
+that come directly from a `text` column in a table.
 * Honor updated values of `checkpoint_completion_target` on reload.
 * Log the correct ending timestamp in `recovery_target_xid` mode.
-* Fix issue to allow longer column lists when using logical replication.
+* Fix issue to allow column lists longer than 100 when using logical
+replication.
 * Prevent "wrong tuple length" failure at the end of
 [`VACUUM`](https://www.postgresql.org/docs/current/sql-vacuum.html).
 * Avoid an immediate commit after
@@ -64,7 +66,7 @@ query pipelining.
 opportunities for using
 [memoization with partitionwise joins](https://www.postgresql.org/docs/current/runtime-config-query.html).
 * Fix for statistics collection to correctly handle when a relation changes
-(e.g. a table is converted to a view).
+type (e.g. a table is converted to a view).
 * Ensure [full text search](https://www.postgresql.org/docs/current/textsearch.html)
 queries can be cancelled while performing phrase matches.
 * Fix deadlock between [`DROP DATABASE`](https://www.postgresql.org/docs/current/sql-dropdatabase.html)