[COMMITTERS] pgsql: Require update permission for the large object written by lo_put
Require update permission for the large object written by lo_put(). lo_put() surely should require UPDATE permission, the same as lowrite(), but it failed to check for that, as reported by Chapman Flack. Oversight in commit c50b7c09d; backpatch to 9.4 where that was introduced. Tom Lane and Michael Paquier Security: CVE-2017-7548 Branch -- REL9_4_STABLE Details --- https://git.postgresql.org/pg/commitdiff/f1cda6d6cbb2b551331802cab57957fa5307cf2c Modified Files -- src/backend/libpq/be-fsstubs.c | 12 src/test/regress/expected/privileges.out | 10 ++ src/test/regress/sql/privileges.sql | 4 3 files changed, 26 insertions(+) -- Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
[COMMITTERS] pgsql: Require update permission for the large object written by lo_put
Require update permission for the large object written by lo_put(). lo_put() surely should require UPDATE permission, the same as lowrite(), but it failed to check for that, as reported by Chapman Flack. Oversight in commit c50b7c09d; backpatch to 9.4 where that was introduced. Tom Lane and Michael Paquier Security: CVE-2017-7548 Branch -- REL9_6_STABLE Details --- https://git.postgresql.org/pg/commitdiff/52a414387e192a89f5fec19d9876159d03cf112b Modified Files -- src/backend/libpq/be-fsstubs.c | 12 src/test/regress/expected/privileges.out | 10 ++ src/test/regress/sql/privileges.sql | 4 3 files changed, 26 insertions(+) -- Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
[COMMITTERS] pgsql: Require update permission for the large object written by lo_put
Require update permission for the large object written by lo_put(). lo_put() surely should require UPDATE permission, the same as lowrite(), but it failed to check for that, as reported by Chapman Flack. Oversight in commit c50b7c09d; backpatch to 9.4 where that was introduced. Tom Lane and Michael Paquier Security: CVE-2017-7548 Branch -- master Details --- https://git.postgresql.org/pg/commitdiff/8d9881911f0d30e0783a6bb1363b94a2c817433d Modified Files -- src/backend/libpq/be-fsstubs.c | 12 src/test/regress/expected/privileges.out | 10 ++ src/test/regress/sql/privileges.sql | 4 3 files changed, 26 insertions(+) -- Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
[COMMITTERS] pgsql: Require update permission for the large object written by lo_put
Require update permission for the large object written by lo_put(). lo_put() surely should require UPDATE permission, the same as lowrite(), but it failed to check for that, as reported by Chapman Flack. Oversight in commit c50b7c09d; backpatch to 9.4 where that was introduced. Tom Lane and Michael Paquier Security: CVE-2017-7548 Branch -- REL9_5_STABLE Details --- https://git.postgresql.org/pg/commitdiff/873741c6821d4fe8245b97e2adf1e8142c8b7531 Modified Files -- src/backend/libpq/be-fsstubs.c | 12 src/test/regress/expected/privileges.out | 10 ++ src/test/regress/sql/privileges.sql | 4 3 files changed, 26 insertions(+) -- Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers