ports/172114: www/openx:update to 2.8.10
Ruslan Mahmatkhanov
rm at FreeBSD.org
Thu Sep 27 14:20:03 UTC 2012
>Number: 172114
>Category: ports
>Synopsis: www/openx:update to 2.8.10
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Sep 27 14:20:02 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Ruslan Mahmatkhanov
>Release: 10.0-CURRENT
>Organization:
>Environment:
10.0-CURRENT i386
>Description:
- update to 2.8.10
This release fixes an SQL injection vulnerability.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
Index: security/vuxml/vuln.xml
===================================================================
--- security/vuxml/vuln.xml (revision 304960)
+++ security/vuxml/vuln.xml (working copy)
@@ -51,6 +51,42 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="dee44ba9-08ab-11e2-a044-d0df9acfd7e5">
+ <topic>OpenX -- SQL injection vulnerability</topic>
+ <affects>
+ <package>
+ <name>openx</name>
+ <range><le>2.8.10</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/50598/">
+ <p>A vulnerability has been discovered in OpenX, which can be
+ exploited by malicious people to conduct SQL injection
+ attacks.</p>
+ <p>Input passed via the "xajaxargs" parameter to
+ www/admin/updates-history.php (when "xajax" is set to
+ "expandOSURow") is not properly sanitised in e.g. the
+ "queryAuditBackupTablesByUpgradeId()" function
+ (lib/OA/Upgrade/DB_UpgradeAuditor.php) before being used in SQL
+ queries. This can be exploited to manipulate SQL queries by
+ injecting arbitrary SQL code.</p>
+ <p>The vulnerability is confirmed in version 2.8.9. Prior versions
+ may also be affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://secunia.com/advisories/50598/</url>
+ </references>
+ <dates>
+ <discovery>2012-09-14</discovery>
+ <entry>2012-09-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5bae2ab4-0820-11e2-be5f-00262d5ed8ee">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
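Review bot: the range `<range><le>2.8.10</le></range>` in the new entry marks 2.8.10 itself as affected, yet the description of this PR says 2.8.10 is the release that fixes the SQL injection and the Makefile hunk updates the port to exactly that version. With `<le>`, anything that reads this entry would keep flagging the port as vulnerable after the update. If 2.8.10 is the fixed release, the range should be `<range><lt>2.8.10</lt></range>`. The entry also carries only the Secunia URL under `<references>`; if a CVE name has been assigned, it belongs there too.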
Index: www/openx/Makefile
===================================================================
--- www/openx/Makefile (revision 304960)
+++ www/openx/Makefile (working copy)
@@ -1,12 +1,8 @@
-# New ports collection makefile for: openx
-# Date created: 13 March 2008
-# Whom: Piotr Rybicki <meritus at innervision.pl>
-#
+# Created by: Piotr Rybicki <meritus at innervision.pl>
# $FreeBSD$
-#
PORTNAME= openx
-PORTVERSION= 2.8.9
+PORTVERSION= 2.8.10
CATEGORIES= www
MASTER_SITES= http://download.openx.org/
Index: www/openx/distinfo
===================================================================
--- www/openx/distinfo (revision 304960)
+++ www/openx/distinfo (working copy)
@@ -1,2 +1,2 @@
-SHA256 (openx-2.8.9.tar.bz2) = b6c9eece311cd33c502cdf3b8b14027dcf72672318cff1adc12a81dedf5352db
-SIZE (openx-2.8.9.tar.bz2) = 9616171
+SHA256 (openx-2.8.10.tar.bz2) = 91418dcd3896e19532c4144e5f4c56bcfa49164e3304fa7240f2a1cc8b90bfc2
+SIZE (openx-2.8.10.tar.bz2) = 9787343
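Review bot: the new SHA256 and SIZE on the `+` lines are the only integrity check for the 2.8.10 distfile, because `MASTER_SITES` in the Makefile hunk fetches it over plain `http://download.openx.org/`. Before commit, the committer should recompute both values from an independently fetched copy of openx-2.8.10.tar.bz2 and compare them with any checksum upstream publishes, rather than taking the submitted values as given.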
>Release-Note:
>Audit-Trail:
>Unformatted: