CVE-2011-4349

NameCVE-2011-4349
DescriptionMultiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs650021

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
colord (PTS)jessie1.2.1-1fixed
stretch1.3.3-2fixed
buster1.4.3-4fixed
bullseye1.4.5-3fixed
bookworm1.4.6-2.2fixed
sid, trixie1.4.7-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
colordsource(unstable)0.1.15-1medium650021

Search for package or bug name: Reporting problems