Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: colord sql injections
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Fri, 25 Nov 2011 16:16:00 +0100

Jan Lieskovsky wrote:
On 11/25/2011 11:55 AM, Ludwig Nussel wrote:
colord did not quote user supplied strings which made it prone to
SQL injections:
https://bugs.freedesktop.org/show_bug.cgi?id=42904
https://bugzilla.novell.com/show_bug.cgi?id=698250

Just to have this one sorted out wrt to the patches, the relevant
upstream patches are these two:
[1] http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
[2] http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e

right?

Yes.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imend├Ârffer, HRB 16746 (AG N├╝rnberg) 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]