From: Volodymyr Kostyrko
Date: Thu, 15 May 2014 16:11:02 +0300
To: Alan Hicks, freebsd-ports@freebsd.org
Subject: Re: www/openx: CVE-2013-7149 no patch available?

07.05.2014 11:56, Alan Hicks wrote:
> On 06/05/2014 20:26, Volodymyr Kostyrko wrote:
>> Hi all.
>>
>> In case anyone is still using www/openx.
>>
>> Does anyone know about any patches for this issue? Had anyone patched
>> openx by himself?
>>
>
> The project has moved to https://github.com/revive-adserver
>
> Although I have patched my copy of OpenX for both the vulnerability and
> PostgreSQL support, there was no interest from the people at
> revive-adserver, though they have since patched the vulnerability.
> Having almost completed the removal of OpenX from my servers there is
> little interest in supporting it. Original patch attached for reference.

Thanks, I'll try to move to revive-adserver. Already filed a PR with a new port.

-- 
Sphinx of black quartz, judge my vow.