Bug 150610 - [UPDATE] www/openx upgrade to latest version, security issue
Summary: [UPDATE] www/openx upgrade to latest version, security issue
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: niels
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-09-16 03:30 UTC by Dan Langille
Modified: 2010-09-26 14:40 UTC (History)
1 user (show)

See Also:

Attachments
openx.diff (51.43 KB, patch)
2010-09-16 03:30 UTC, Dan Langille 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dan Langille 2010-09-16 03:30:01 UTC 
	
Upgrade to 2.8.7
http://blog.openx.org/09/security-update/
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2010-09-16 03:30:08 UTC 
Maintainer of www/openx,

Please note that PR ports/150610 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/150610

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2010-09-16 03:30:12 UTC 
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 3 Piotr Rybicki 2010-09-16 10:16:29 UTC 
W dniu 2010-09-16 04:30, Edwin Groothuis pisze:
> Maintainer of www/openx,
> 
> Please note that PR ports/150610 has just been submitted.
> 
> If it contains a patch for an upgrade, an enhancement or a bug fix
> you agree on, reply to this email stating that you approve the patch
> and a committer will take care of it.
> 
> The full text of the PR can be found at:
>     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/150610
> 

Of course please commit. Thanks!

-- 
Piotr Rybicki
InnerVision Sp. z o.o.
http://www.innervision.pl
Comment 4 Philip M. Gollucci freebsd_committer freebsd_triage 2010-09-16 20:23:06 UTC 
State Changed
From-To: feedback->open

Maintainer approved
Comment 5 niels freebsd_committer freebsd_triage 2010-09-26 14:03:28 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->niels

I'll take it, thanks! 
Niels
Comment 6 dfilter service freebsd_committer freebsd_triage 2010-09-26 14:32:16 UTC 
niels       2010-09-26 13:32:10 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  Documented remote code execution vulnerability in OpenX
  
  PR:             ports/150610
  Approved by:    itetcu (mentor, implicit)
  Security:       ttp://blog.openx.org/09/security-update/
  
  Revision  Changes    Path
  1.2227    +32 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 7 dfilter service freebsd_committer freebsd_triage 2010-09-26 14:33:45 UTC 
niels       2010-09-26 13:33:40 UTC

  FreeBSD ports repository

  Modified files:
    www/openx            Makefile distinfo pkg-plist 
  Log:
  Updated to version 2.8.7 to fix security issue
  
  PR:             ports/150610
  Submitted by:   Dan Langille <dan@langille.org>
  Approved by:    maintainer, itetcu (mentor, implicit)
  Security:       80b6d6cc-c970-11df-bb18-0015587e2cc1
  Security:       http://blog.openx.org/09/security-update/
  
  Revision  Changes    Path
  1.10      +3 -1      ports/www/openx/Makefile
  1.10      +3 -3      ports/www/openx/distinfo
  1.8       +504 -393  ports/www/openx/pkg-plist
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 8 niels freebsd_committer freebsd_triage 2010-09-26 14:34:23 UTC 
State Changed
From-To: open->closed


Thanks Dan!  Patch applied and tested OK.  I also documented the vulnerability in VuXML so everyone using this package will be able to update now. 

Niels