Update for FastCGI, FastCGI.165, GraphicsMagick,... security moderate

update for colord

- Update to version 0.1.15:
+ This release fixes an important security bug: CVE-2011-4349.
+ New Features:
- Add a native driver for the Hughski ColorHug hardware
- Export cd-math as three projects are now using it
+ Bugfixes:
- Documentation fixes and improvements
- Do not crash the daemon if adding the device to the db failed
- Do not match any sensor device with a kernel driver
- Don't be obscure when the user passes a device-id to colormgr
- Fix a memory leak when getting properties from a device
- Fix colormgr device-get-default-profile
- Fix some conection bugs in colormgr
- Fix some potential SQL injections
- Make gusb optional
- Only use the udev USB helper if the PID and VID have matches
- Output the Huey calibration matrices when dumping the sensor
- Changes from version 0.1.14:
+ New Features:
- Add defines for the i1 Display 3
- Add two more DATA_source values to the specification
- Align the output from colormgr get-devices and get-profiles
- Allow cd-fix-profile to append and edit new metadata
+ Bugfixes:
- Ensure non-native device are added with no driver module
- Split the sensor and device udev code
+ Updated translations.
- Run the colord daemon as user colord:
+ Add colord-polkit-annotate-owner.patch: add
org.freedesktop.policykit.owner annotations to policy file so
that running as colord user works.
+ Add a %pre script to create the colord user.
+ Add pwdutils Requires(pre), to make sure we can create the
+ Pass --with-daemon-user=colord to configure.
+ Package /var/lib/colord with the right user.
+ Add calls to autoreconf and intltoolize, as needed by above

Fixed bugs
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.
VUL-0: CVE-2011-4349: colord: SQL-injection
Selected Binaries