diff --git a/doc/src/sgml/release-8.2.sgml b/doc/src/sgml/release-8.2.sgml
index dd82ee69d3a43386b37df9f000e475dba88bee16..2dd49d6a063e9bbdb68c74f4033e88d14b09c578 100644
--- a/doc/src/sgml/release-8.2.sgml
+++ b/doc/src/sgml/release-8.2.sgml
@@ -100,6 +100,19 @@
      </para>
     </listitem>
 
+    <listitem>
+     <para>
+      Fix buffer overrun in <filename>contrib/intarray</>'s input function
+      for the <type>query_int</> type (Apple)
+     </para>
+
+     <para>
+      This bug is a security risk since the function's return address could
+      be overwritten.  Thanks to Apple Inc's security team for reporting this
+      issue and supplying the fix.  (CVE-2010-4015)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix bug in <filename>contrib/seg</>'s GiST picksplit algorithm
diff --git a/doc/src/sgml/release-8.3.sgml b/doc/src/sgml/release-8.3.sgml
index 5d691a4183f251797357a9d798ff0b88d04467e6..c0595ab5df0820d77595eca7c9a83cd2d73a5394 100644
--- a/doc/src/sgml/release-8.3.sgml
+++ b/doc/src/sgml/release-8.3.sgml
@@ -100,6 +100,19 @@
      </para>
     </listitem>
 
+    <listitem>
+     <para>
+      Fix buffer overrun in <filename>contrib/intarray</>'s input function
+      for the <type>query_int</> type (Apple)
+     </para>
+
+     <para>
+      This bug is a security risk since the function's return address could
+      be overwritten.  Thanks to Apple Inc's security team for reporting this
+      issue and supplying the fix.  (CVE-2010-4015)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix bug in <filename>contrib/seg</>'s GiST picksplit algorithm
diff --git a/doc/src/sgml/release-8.4.sgml b/doc/src/sgml/release-8.4.sgml
index 8d00a55f5d493ed496c87e5904a9cc944a8a8e46..5cabfb4d01406007369616b4e94b573defb26682 100644
--- a/doc/src/sgml/release-8.4.sgml
+++ b/doc/src/sgml/release-8.4.sgml
@@ -100,6 +100,19 @@
      </para>
     </listitem>
 
+    <listitem>
+     <para>
+      Fix buffer overrun in <filename>contrib/intarray</>'s input function
+      for the <type>query_int</> type (Apple)
+     </para>
+
+     <para>
+      This bug is a security risk since the function's return address could
+      be overwritten.  Thanks to Apple Inc's security team for reporting this
+      issue and supplying the fix.  (CVE-2010-4015)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix bug in <filename>contrib/seg</>'s GiST picksplit algorithm
diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml
index 482f628fb797e30d235afbb5020cced918080c0b..dcd9e1e22c1499b3bd04c71bdc5e787c12ef33d6 100644
--- a/doc/src/sgml/release-9.0.sgml
+++ b/doc/src/sgml/release-9.0.sgml
@@ -144,6 +144,19 @@
      </para>
     </listitem>
 
+    <listitem>
+     <para>
+      Fix buffer overrun in <filename>contrib/intarray</>'s input function
+      for the <type>query_int</> type (Apple)
+     </para>
+
+     <para>
+      This bug is a security risk since the function's return address could
+      be overwritten.  Thanks to Apple Inc's security team for reporting this
+      issue and supplying the fix.  (CVE-2010-4015)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Fix bug in <filename>contrib/seg</>'s GiST picksplit algorithm