Full details here, in German: http://www.heise.de/security/meldung/Achtung-Anzeigen-Server-OpenX-enthaelt-eine-Hintertuer-1929769.html
Also, the port does not address these vulnerabilities, because no new version was released after 2.8.10:
https://www.htbridge.com/advisory/HTB23116
https://www.htbridge.com/advisory/HTB23155
Fix: openx will have to build a new tar-ball
How-To-Repeat: see above
Maintainer of www/openx, Please note that PR ports/181087 has just been submitted. If it contains a patch for an upgrade, an enhancement or a bug fix you agree on, reply to this email stating that you approve the patch and a committer will take care of it. The full text of the PR can be found at: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/181087 -- Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
State Changed From-To: open->feedback Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Hello. Thank you for this information. Yes, this port should be forbidden because of security issues, until there is a fix upstream. Regards. -- Piotr Rybicki, Prezes Zarządu InnerVision Sp. z o.o. http://www.innervision.pl
Wait, there is a new 2.8.11 version. I'll create a patch today and attach it to this PR. Regards -- Piotr Rybicki, Prezes Zarządu InnerVision Sp. z o.o. http://www.innervision.pl
Please update www/openx ASAP, since the new version addresses critical security issues.
diff -ur openx-old/Makefile openx/Makefile --- openx-old/Makefile 2013-08-07 21:02:49.000000000 +0200 +++ openx/Makefile 2013-08-07 21:03:34.000000000 +0200 @@ -2,7 +2,7 @@ # $FreeBSD: head/www/openx/Makefile 305200 2012-10-03 12:33:38Z rm $ PORTNAME= openx -PORTVERSION= 2.8.10 +PORTVERSION= 2.8.11 CATEGORIES= www MASTER_SITES= http://download.openx.org/ diff -ur openx-old/distinfo openx/distinfo --- openx-old/distinfo 2013-08-07 21:02:49.000000000 +0200 +++ openx/distinfo 2013-08-07 21:05:25.000000000 +0200 @@ -1,2 +1,2 @@ -SHA256 (openx-2.8.10.tar.bz2) = 91418dcd3896e19532c4144e5f4c56bcfa49164e3304fa7240f2a1cc8b90bfc2 -SIZE (openx-2.8.10.tar.bz2) = 9787343 +SHA256 (openx-2.8.11.tar.bz2) = 1a9e1e0e0165c45584968c7c6dd9401425a2ff79d48e453fdb049a34f8b88607 +SIZE (openx-2.8.11.tar.bz2) = 9617410
Best regards -- Piotr Rybicki, Prezes Zarządu InnerVision Sp. z o.o. http://www.innervision.pl
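Review bot: In the distinfo hunk, the new SHA256 and SIZE for openx-2.8.11.tar.bz2 are the only integrity check on an archive that the Makefile context line "MASTER_SITES= http://download.openx.org/" fetches over plain HTTP, and the original report in this PR says upstream has to build a new tar-ball. Please state in the PR how the 2.8.11 checksum was obtained and confirm that it matches a value published by upstream through a separate channel, so that distinfo does not simply pin whatever the download site served at the time the patch was made.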
State Changed From-To: feedback->closed Committed, thanks!
Author: erwin
Date: Fri Aug 9 14:59:19 2013
New Revision: 324444
URL: http://svnweb.freebsd.org/changeset/ports/324444
Log: Update to 2.8.11, which addresses several critical security vulnerabilities.
PR: 181087
Submitted by: Piotr Rybicki <piotr.rybicki@innervision.pl>
Noticed by: Rainer Duffner <rainer@ultra-secure.de>
Security: https://www.htbridge.com/advisory/HTB23116 https://www.htbridge.com/advisory/HTB23155
Modified: head/www/openx/Makefile head/www/openx/distinfo
Modified: head/www/openx/Makefile ============================================================================== --- head/www/openx/Makefile Fri Aug 9 14:47:22 2013 (r324443) +++ head/www/openx/Makefile Fri Aug 9 14:59:19 2013 (r324444) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= openx -PORTVERSION= 2.8.10 +PORTVERSION= 2.8.11 CATEGORIES= www MASTER_SITES= http://download.openx.org/ Modified: head/www/openx/distinfo ============================================================================== --- head/www/openx/distinfo Fri Aug 9 14:47:22 2013 (r324443) +++ head/www/openx/distinfo Fri Aug 9 14:59:19 2013 (r324444) @@ -1,2 +1,2 @@ -SHA256 (openx-2.8.10.tar.bz2) = 91418dcd3896e19532c4144e5f4c56bcfa49164e3304fa7240f2a1cc8b90bfc2 -SIZE (openx-2.8.10.tar.bz2) = 9787343 +SHA256 (openx-2.8.11.tar.bz2) = 1a9e1e0e0165c45584968c7c6dd9401425a2ff79d48e453fdb049a34f8b88607 +SIZE (openx-2.8.11.tar.bz2) = 9617410
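Review bot: In the Makefile hunk, the PORTVERSION bump from 2.8.10 to 2.8.11 is the only signal of the security fix, and this revision modifies nothing besides Makefile and distinfo, so hosts that already have 2.8.10 installed get no vulnerability notice. Since the log lists HTB23116 and HTB23155 under Security:, consider a companion change that adds a security/vuxml entry covering openx versions before 2.8.11 and referencing both advisories, so that audit tooling flags existing installs.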