Current version of OpenX contain some security problem. This information was obtained from this URL: http://blog.openx.org/12/security-matters-3/ As I can see they changed something with sessions handling and accurate with HTML escaping. So they don't touch DB schema. Fix: Apply patch, same patch can be found here: http://people.freebsd.org/~az/openx.diff
Maintainer of www/openx, Please note that PR ports/165613 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/165613 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Please commit. Regards -- Piotr Rybicki, Prezes ZarzÄdu InnerVision Sp. z o.o. http://www.innervision.pl
Responsible Changed From-To: freebsd-ports-bugs->jgh I'll take it.
State Changed From-To: feedback->open Maintainer approved.
jgh 2012-03-02 21:31:11 UTC FreeBSD ports repository Modified files: www/openx Makefile distinfo pkg-plist Log: - Update to 2.8.8 PR: ports/165613 Submitted by: andrej.zverev@gmail.com Approved by: maintainer Revision Changes Path 1.11 +3 -3 ports/www/openx/Makefile 1.12 +2 -2 ports/www/openx/distinfo 1.9 +3658 -3637 ports/www/openx/pkg-plist _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
jgh 2012-03-02 21:32:37 UTC FreeBSD ports repository Modified files: security/vuxml vuln.xml Log: document latest openx security issue PR: ports/165613 Revision Changes Path 1.2621 +28 -1 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed. Thanks!