Bug 165613 - [UPDATE] www/openx to 2.8.8
Summary: [UPDATE] www/openx to 2.8.8
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Jason Helfman
Reported: 2012-03-02 07:50 UTC by Andrej Zverev
Modified: 2012-03-02 21:40 UTC (History)

Attachments
openx.diff (370.85 KB, patch)
2012-03-02 07:50 UTC, Andrej Zverev

Description Andrej Zverev 2012-03-02 07:50:10 UTC
	The current version of OpenX contains some security problem.
	This information was obtained from this URL:
	http://blog.openx.org/12/security-matters-3/

	As far as I can see, they changed something in session handling and
	are accurate with HTML escaping. So they don't touch the DB schema.

Fix: Apply the patch; the same patch can be found here:
	http://people.freebsd.org/~az/openx.diff
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2012-03-02 07:50:30 UTC
Maintainer of www/openx,

Please note that PR ports/165613 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/165613

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2012-03-02 07:50:32 UTC
State Changed
From-To: open->feedback

Awaiting maintainer's feedback (via the GNATS Auto Assign Tool)
Comment 3 Piotr Rybicki 2012-03-02 17:15:54 UTC
Please commit.

Regards

-- 
Piotr Rybicki, Prezes Zarządu
InnerVision Sp. z o.o.
http://www.innervision.pl
Comment 4 Jason Helfman freebsd_committer freebsd_triage 2012-03-02 18:55:23 UTC
Responsible Changed
From-To: freebsd-ports-bugs->jgh

I'll take it.
Comment 5 Mark Linimon freebsd_committer freebsd_triage 2012-03-02 19:46:05 UTC
State Changed
From-To: feedback->open

Maintainer approved.
Comment 6 dfilter service freebsd_committer freebsd_triage 2012-03-02 21:31:22 UTC
jgh         2012-03-02 21:31:11 UTC

  FreeBSD ports repository

  Modified files:
    www/openx            Makefile distinfo pkg-plist 
  Log:
  - Update to 2.8.8
  
  PR:     ports/165613
  Submitted by:   andrej.zverev@gmail.com
  Approved by:    maintainer
  
  Revision  Changes      Path
  1.11      +3 -3        ports/www/openx/Makefile
  1.12      +2 -2        ports/www/openx/distinfo
  1.9       +3658 -3637  ports/www/openx/pkg-plist
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 7 dfilter service freebsd_committer freebsd_triage 2012-03-02 21:32:45 UTC
jgh         2012-03-02 21:32:37 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  document latest openx security issue
  
  PR:     ports/165613
  
  Revision  Changes    Path
  1.2621    +28 -1     ports/security/vuxml/vuln.xml
Comment 8 Jason Helfman freebsd_committer freebsd_triage 2012-03-02 21:33:39 UTC
State Changed
From-To: open->closed

Committed. Thanks!