Bug#650021: marked as done (CVE-2011-4349: SQL injection)

Debian Bug Tracking System Wed, 14 Dec 2011 03:03:35 -0800

Your message dated Wed, 14 Dec 2011 11:02:13 +0000
with message-id <e1rambf-0003mv...@franck.debian.org>
and subject line Bug#650021: fixed in colord 0.1.15-1
has caused the Debian Bug report #650021,
regarding CVE-2011-4349: SQL injection
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
650021: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650021
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: colord
Severity: grave
Tags: security

Hi,
the following vulnerability was reported on oss-security by Ludwig
Nussel of SuSE:

colord did not quote user supplied strings which made it prone to
SQL injections:
https://bugs.freedesktop.org/show_bug.cgi?id=42904
https://bugzilla.novell.com/show_bug.cgi?id=698250

When colord runs as root and local active users are allowed to
create new devices (both are the defaults AFAIK) this allows not
only to corrupt colord's own database but also to leverage it to
modify other databases in the system (PackageKit for example also
uses sqlite).

Patches:
http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b
http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e

This has been assigned CVE-2011-4349.

Cheers,
        Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: colord
Source-Version: 0.1.15-1

We believe that the bug you reported is fixed in the latest version of
colord, which is due to be installed in the Debian FTP archive:

colord_0.1.15-1.debian.tar.gz
  to main/c/colord/colord_0.1.15-1.debian.tar.gz
colord_0.1.15-1.dsc
  to main/c/colord/colord_0.1.15-1.dsc
colord_0.1.15-1_amd64.deb
  to main/c/colord/colord_0.1.15-1_amd64.deb
colord_0.1.15.orig.tar.xz
  to main/c/colord/colord_0.1.15.orig.tar.xz
gir1.2-colord-1.0_0.1.15-1_amd64.deb
  to main/c/colord/gir1.2-colord-1.0_0.1.15-1_amd64.deb
libcolord-dev_0.1.15-1_amd64.deb
  to main/c/colord/libcolord-dev_0.1.15-1_amd64.deb
libcolord1_0.1.15-1_amd64.deb
  to main/c/colord/libcolord1_0.1.15-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 650...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christopher James Halse Rogers <r...@ubuntu.com> (supplier of updated colord 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 14 Dec 2011 15:25:41 +1100
Source: colord
Binary: libcolord-dev libcolord1 colord gir1.2-colord-1.0
Architecture: source amd64
Version: 0.1.15-1
Distribution: unstable
Urgency: low
Maintainer: Christopher James Halse Rogers <r...@ubuntu.com>
Changed-By: Christopher James Halse Rogers <r...@ubuntu.com>
Description: 
 colord     - system service to manage device colour profiles -- system daemon
 gir1.2-colord-1.0 - GObject introspection data for the colord library
 libcolord-dev - system service to manage device colour profiles -- development 
fi
 libcolord1 - system service to manage device colour profiles -- runtime
Closes: 650021
Changes: 
 colord (0.1.15-1) unstable; urgency=low
 .
   * New upstream release.
     + Fixes sqlite injection vulnerability, preventing malicious applications
       from corrupting colord's database (Closes: #650021).
   * debian/patches/01_use_polkit_owner_annotation.patch:
     + Cherry-pick from upstream, enabling use of the PolicyKit "owner"
       annotation.
   * debian/control:
     + Add versioned Build-Depends on libpolkit-gobject-1-dev to ensure
       configure detects a new enough PolicyKit to enable the "owner"
       annotation.
     + Add versioned Depends on policykit-1 to colord to ensure a new enough
       PolicyKit to understand the "owner" annotation at runtime.
   * debian/rules:
     + Re-enable PolicyKit support now that the "owner" annotation is supported.
   * debian/patches/06_use_dbus_security_for_permissions.diff:
     + Drop; PolicyKit has been fixed.
   * debian/libcolord1.symbols: Add new symbols in 0.1.14 and 0.1.15
Checksums-Sha1: 
 9217fa0a2d18d678baa4a4221f451933f0256cb0 2226 colord_0.1.15-1.dsc
 e83a68add3fac9c677829925794ee353743dc9c8 456776 colord_0.1.15.orig.tar.xz
 ab969f70bb2621956407e33169c7011f916d638d 8121 colord_0.1.15-1.debian.tar.gz
 ed962a5b3a7643183e06164366bc9eb93cea222f 74768 libcolord-dev_0.1.15-1_amd64.deb
 6b7754402c693d0c6de9004a04f07d141bf8257a 93392 libcolord1_0.1.15-1_amd64.deb
 bdbf20291f6439b6f1b64b504db0f24832e12186 170784 colord_0.1.15-1_amd64.deb
 b7efbe0ec8b0e71f38a15fb672ad734b7feba98b 57680 
gir1.2-colord-1.0_0.1.15-1_amd64.deb
Checksums-Sha256: 
 402caf2b12f41c582cf3b6c1346146c2bc3bd9a38d29b1069a8343a09a654e7b 2226 
colord_0.1.15-1.dsc
 dff56476e02527899f4a2c39eeb092af369ab5dac1e21cbb6a5b0955b5c6e746 456776 
colord_0.1.15.orig.tar.xz
 cdb3815eb0a85caa1ecb4d5e585b03e34febec25cd367a6274486f8973729011 8121 
colord_0.1.15-1.debian.tar.gz
 6c92d97f75f117bd7885887bd25920c6c72a321ff2d40c09f06fa4d015c66b37 74768 
libcolord-dev_0.1.15-1_amd64.deb
 41dbfbf004ea25ff672ee78525132a917b8cc41eb0e032678a7448b2e6fe9011 93392 
libcolord1_0.1.15-1_amd64.deb
 ab19855757f46d77ad0145bdabfc9cb67f259176ee4bf51acbb0e52f8aee3482 170784 
colord_0.1.15-1_amd64.deb
 04b8e348d33df625abaaec8fee76ecabddc9eb5ad3e8b13f45de0bb8fb4c7649 57680 
gir1.2-colord-1.0_0.1.15-1_amd64.deb
Files: 
 eefc85effa9cee0a83c4b375cc0152ec 2226 graphics optional colord_0.1.15-1.dsc
 f212cbc7eece3fa403c1507fc8b10dbb 456776 graphics optional 
colord_0.1.15.orig.tar.xz
 6edffd80f540704389743acd1e0ba06d 8121 graphics optional 
colord_0.1.15-1.debian.tar.gz
 197426c26a55732645eace42f84f43df 74768 libdevel optional 
libcolord-dev_0.1.15-1_amd64.deb
 11a83edb6a430366518d8485804e5135 93392 libs optional 
libcolord1_0.1.15-1_amd64.deb
 4e621e0f47580acac8264973d3099e2a 170784 graphics optional 
colord_0.1.15-1_amd64.deb
 cc5ac2dab8e68d65a5eaf81cd1eba119 57680 libs optional 
gir1.2-colord-1.0_0.1.15-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCAAGBQJO6ICMAAoJEPmIJawmtHufp80P/1hm/kDI6hN6wjGmW4rzqn/3
fHt7d1qH6SB4zLYAqp2aru2kowi/2ikDLmTCm3HtiH2myOsQv/a1SrUWKHZ9LCxZ
l66y6YK+gHIrom53VhXahGYJL6vv3mQ+y0A2jzvrPfM3FJzVEJcuUY+W65aqyECJ
8jK+O2kboVLBOp+KniOWdV6+PeCPsapZRzBTbIxX2WyCwLyjpCWjaOA1+nYEoM/5
5b2q7mAlo0z5tGsMHn3YcXIGRW16akLpPoNiegrI9f0+Q0nwbL+DZJ77TG/OVrJT
7hy3jO5PT7u6VXLZVbI8pffaVR9z+DM+8qR+7PgJ8H09jcvfX2rNeO6JiIyCOOGV
8moW28O6PJcF8K08NVP926X6qo3Ys/OFk//iUw0u+raTritx22dgJ9rplOamPO1m
lhxtXlkDpk8bx8IeqOY6feqyPq/eH85DoJ5DKE467vV/x41PzEqAFU9jUEooiAc6
2/rvcGVgOawXB92xilads3vr5HvsdrGGXoIeEP433Ve44F++lRiqBiQfajO+oglb
EfSuj1bvMMN0ANxZsp/EufuK5xCC5UMklUoyAO/B489MXWzOYMY8BZ/GQ/ep7/8U
Tndp8QCA9fTP7Uh/nYt5AJ4dNQjXld8WQ2fP+tyZ1ajHVHbAE3j4Jo8MrRJ744wv
yTGurfqZAMsaMFObwn9s
=odpK
-----END PGP SIGNATURE-----

--- End Message ---

Bug#650021: marked as done (CVE-2011-4349: SQL injection)

Reply via email to