oss-sec mailing list archives

Re: CVE Request: colord sql injections


From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Fri, 25 Nov 2011 16:16:00 +0100

Jan Lieskovsky wrote:
> On 11/25/2011 11:55 AM, Ludwig Nussel wrote:
>> colord did not quote user supplied strings which made it prone to
>> SQL injections:
>> https://bugs.freedesktop.org/show_bug.cgi?id=42904
>> https://bugzilla.novell.com/show_bug.cgi?id=698250
>
> Just to have this one sorted out wrt to the patches, the relevant
> upstream patches are these two:
> [1] http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
> [2] http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e
>
> right?

Yes.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) 

