From Secunia security advisory at $URL:

Description:
Certain unspecified input is not properly sanitised in cd-mapping-db.c and cd-device-db.c before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Fixed in the GIT repository.
https://bugs.freedesktop.org/show_bug.cgi?id=42904
Good thing we are not running colord as root, unlike some other distros :)

I have added the upstream patches to colord-0.1.14-r1. I am not sure if a GLSA is necessary since all versions of colord are in ~arch.

>*colord-0.1.14-r1 (25 Nov 2011)
>
> 25 Nov 2011; Alexandre Rostovtsev <tetromino@gentoo.org>
> -colord-0.1.12.ebuild, -colord-0.1.13.ebuild, +colord-0.1.14-r1.ebuild,
> +files/colord-0.1.14-sql-injections.patch,
> +files/colord-0.1.14-sql-injections-2.patch:
> Add patches to fix SQL injections (bug #391879, thanks to Agostino Sarubbo for
> reporting). Allow building against freebsd's libusb (bug #387959, thanks to
> Naohiro Aota). Drop old versions.
(In reply to comment #1)
> I am not sure if a GLSA is necessary since all versions of colord are in ~arch.

noglsa, thanks for bumping it.
CVE-2011-4349 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4349): Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
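
An added example, not part of the thread and not colord's code or the upstream patch: it shows why a device id or profile id pasted into SQLite statement text changes the query, and how binding the same values as parameters keeps them as data. The table layout, function names and ids are all constructed for illustration.

```python
import sqlite3

# Constructed schema: colord's real tables are not shown on this page.
def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mappings (device TEXT, profile TEXT)")
    db.executemany(
        "INSERT INTO mappings VALUES (?, ?)",
        [("xrandr-lvds", "icc-aaa"), ("xrandr-hdmi", "icc-bbb"), ("printer-1", "icc-ccc")],
    )
    return db

def remove_mapping_concat(db, device_id, profile_id):
    """'Before' form: caller-supplied ids are pasted into the statement text."""
    sql = ("DELETE FROM mappings WHERE device = '%s' AND profile = '%s'"
           % (device_id, profile_id))
    return db.execute(sql).rowcount

def remove_mapping_bound(db, device_id, profile_id):
    """Hardened form: ids are bound as values and never parsed as SQL."""
    return db.execute(
        "DELETE FROM mappings WHERE device = ? AND profile = ?",
        (device_id, profile_id),
    ).rowcount

def remaining(db):
    return db.execute("SELECT COUNT(*) FROM mappings").fetchone()[0]

# Constructed device id carrying a quote and SQL syntax.
CRAFTED_ID = "xrandr-lvds' OR 1=1 --"

def demo():
    """Run the same crafted id through both forms; report rows left in each table."""
    results = {}
    for name, fn in (("concat", remove_mapping_concat), ("bound", remove_mapping_bound)):
        db = open_db()
        fn(db, CRAFTED_ID, "icc-aaa")
        results[name] = remaining(db)
    return results

if __name__ == "__main__":
    print(demo())
```

A regression test for a fix of this kind can assert exactly this: an id containing a quote matches no row and leaves every other mapping in place.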