From 8a503891636f2b02b3008a91ff0ff07838851ee5 Mon Sep 17 00:00:00 2001
From: Magnus Hagander <magnus@hagander.net>
Date: Mon, 4 Jun 2012 09:43:37 +0200
Subject: [PATCH] Description of security vulns in new release

---
 templates/pages/support/security.html | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/templates/pages/support/security.html b/templates/pages/support/security.html
index ac412b4b..2bfc8821 100644
--- a/templates/pages/support/security.html
+++ b/templates/pages/support/security.html
@@ -61,6 +61,24 @@ to determine if the bug affects specific installations or not.
    <th class="colLast">Description</th>
   </tr>
 
+  <tr valign="top">
+   <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143">CVE-2012-2143</a></td>
+   <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
+   <td class="colMid">9.1.4, 9.0.8, 8.4.12, 8.3.19</td>
+   <td class="colMid">contrib module</td>
+   <td class="colMid">C</td>
+   <td class="colLast">Passwords containing the byte 0x80 passed to the crypt() function in pg_crypto are incorrectly truncated if DES encryption was used</td>
+  </tr>
+
+  <tr valign="top">
+   <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0866">CVE-2012-2655</a></td>
+   <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
+   <td class="colMid">9.1.4, 9.0.8, 8.4.12, 8.3.19</td>
+   <td class="colMid">core server</td>
+   <td class="colMid">D</td>
+   <td class="colLast">SECURITY DEFINER and SET attributes on procedural call handlers are not ignored and can be used to crash the server</td>
+  </tr>
+
   <tr valign="top">
    <td class="colFirst"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0866">CVE-2012-0866</a></td>
    <td class="colMid">9.1, 9.0, 8.4, 8.3</td>
-- 
2.39.5