Skip to content
Snippets Groups Projects
Commit 52a41438 authored by Tom Lane's avatar Tom Lane
Browse files

Require update permission for the large object written by lo_put(). 

lo_put() surely should require UPDATE permission, the same as lowrite(),
but it failed to check for that, as reported by Chapman Flack.  Oversight
in commit c50b7c09; backpatch to 9.4 where that was introduced.

Tom Lane and Michael Paquier

Security: CVE-2017-7548
parent 15609963
No related branches found
No related tags found
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment