CVE-2011-4349

Published: 25 November 2011

Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.

Notes

Author: tyhicks
Note: colord runs as colord but unpriv'ed users can create devices

Priority

Medium

Status

Package: colord (Launchpad, Ubuntu, Debian)

Release    Status
upstream   Released (0.1.15)
hardy      Does not exist
lucid      Does not exist
maverick   Does not exist
natty      Does not exist
oneiric    Released (0.1.12-1ubuntu2.1)

Patches:
upstream: http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
upstream: http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e