diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2019-06-16 11:00:23 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2019-06-16 11:00:23 -0400 |
| commit | 6973b058bc8d32e104bed99c134a4fab4b5dfe13 (patch) | |
| tree | 0e883e7b23cfc14f2021dcfd8fcae57c4d3c4e3c /contrib/jsonb_plpython/jsonb_plpython.c | |
| parent | fc8cf3df478e054b892f6698b6d336e72f3a7328 (diff) | |
| download | postgresql-6973b058bc8d32e104bed99c134a4fab4b5dfe13.tar.gz postgresql-6973b058bc8d32e104bed99c134a4fab4b5dfe13.zip | |
Further fix privileges on pg_statistic_ext[_data].
We don't need to restrict column privileges on pg_statistic_ext;
all of that data is OK to read publicly. What we *do* need to do,
which was overlooked by 6cbfb784c, is revoke public read access on
pg_statistic_ext_data; otherwise we still have the same security
hole we started with.
Catversion bump to ensure that installations calling themselves
beta2 will have this fix.
Diagnosis/correction by Dean Rasheed and Tomas Vondra, but I'm
going to go ahead and push this fix ASAP so we get more buildfarm
cycles on it.
Discussion: https://postgr.es/m/8833.1560647898@sss.pgh.pa.us
Diffstat (limited to 'contrib/jsonb_plpython/jsonb_plpython.c')
0 files changed, 0 insertions, 0 deletions