Date: Thu, 27 Sep 2012 14:11:02 GMT From: Ruslan Mahmatkhanov <rm@FreeBSD.org> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/172114: www/openx:update to 2.8.10 Message-ID: <201209271411.q8REB2cV008926@red.freebsd.org> Resent-Message-ID: <201209271420.q8REK2iW078603@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 172114 >Category: ports >Synopsis: www/openx:update to 2.8.10 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Sep 27 14:20:02 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Ruslan Mahmatkhanov >Release: 10.0-CURRENT >Organization: >Environment: 10.0-CURRENT i386 >Description: - update to 2.8.10 this release fixes sql injection vulnerability. >How-To-Repeat: >Fix: Patch attached with submission follows: Index: security/vuxml/vuln.xml =================================================================== --- security/vuxml/vuln.xml (revision 304960) +++ security/vuxml/vuln.xml (working copy) @@ -51,6 +51,42 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="dee44ba9-08ab-11e2-a044-d0df9acfd7e5"> + <topic>OpenX -- SQL injection vulnerability</topic> + <affects> + <package> + <name>openx</name> + <range><le>2.8.10</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/50598/"> + <p>A vulnerability has been discovered in OpenX, which can be + exploited by malicious people to conduct SQL injection + attacks.</p> + <p>Input passed via the "xajaxargs" parameter to + www/admin/updates-history.php (when "xajax" is set to + "expandOSURow") is not properly sanitised in e.g. the + "queryAuditBackupTablesByUpgradeId()" function + (lib/OA/Upgrade/DB_UpgradeAuditor.php) before being used in SQL + queries. This can be exploited to manipulate SQL queries by + injecting arbitrary SQL code.</p> + <p>The vulnerability is confirmed in version 2.8.9. Prior versions + may also be affected.</p> + </blockquote> + </body> + </description> + <references> + <url>http://secunia.com/advisories/50598/</url> + </references> + <dates> + <discovery>2012-09-14</discovery> + <entry>2012-09-27</entry> + </dates> + </vuln> + <vuln vid="5bae2ab4-0820-11e2-be5f-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects> Index: www/openx/Makefile =================================================================== --- www/openx/Makefile (revision 304960) +++ www/openx/Makefile (working copy) @@ -1,12 +1,8 @@ -# New ports collection makefile for: openx -# Date created: 13 March 2008 -# Whom: Piotr Rybicki <meritus@innervision.pl> -# +# Created by: Piotr Rybicki <meritus@innervision.pl> # $FreeBSD$ -# PORTNAME= openx -PORTVERSION= 2.8.9 +PORTVERSION= 2.8.10 CATEGORIES= www MASTER_SITES= http://download.openx.org/ Index: www/openx/distinfo =================================================================== --- www/openx/distinfo (revision 304960) +++ www/openx/distinfo (working copy) @@ -1,2 +1,2 @@ -SHA256 (openx-2.8.9.tar.bz2) = b6c9eece311cd33c502cdf3b8b14027dcf72672318cff1adc12a81dedf5352db -SIZE (openx-2.8.9.tar.bz2) = 9616171 +SHA256 (openx-2.8.10.tar.bz2) = 91418dcd3896e19532c4144e5f4c56bcfa49164e3304fa7240f2a1cc8b90bfc2 +SIZE (openx-2.8.10.tar.bz2) = 9787343 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209271411.q8REB2cV008926>