[colord] colord 1.1.3
Richard Hughes
hughsient at gmail.com
Wed Oct 30 11:23:03 CET 2013
Released: 2013-10-30
Note:
- This release contains a patch that fixes a very mild security bug:
If you send keep sending hundreds of megabytes of random text data to
the SetProperty() method you can eventually cause the daemon to use a
lot of memory and then crash with an out-of-memory condition.
- As the daemon is typically running as a restricted user and the
daemon is respawned by any client the system will automatically
recover.
- This issue was found by Matus Marhefka using the dfuzzer tool.
Bugfixes:
- Never print incomplete 'colormgr dump' output (Richard Hughes)
- Restrict the length of key and values when setting metadata (Richard Hughes)
Richard
More information about the colord
mailing list