Date: Wed, 3 Oct 2012 12:33:39 +0000 (UTC)
From: Ruslan Mahmatkhanov <rm@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r305200 - in head: security/vuxml www/openx
Message-ID: <201210031233.q93CXdCt028284@svn.freebsd.org>
Author: rm Date: Wed Oct 3 12:33:38 2012 New Revision: 305200 URL: http://svn.freebsd.org/changeset/ports/305200 Log: - update to 2.8.10 - add vuxml entry This release fixes SQL injection vulnerability. PR: 172114 Submitted by: rm (myself) Approved by: ports-secteam (eadler) Security: dee44ba9-08ab-11e2-a044-d0df9acfd7e5 Modified: head/security/vuxml/vuln.xml head/www/openx/Makefile head/www/openx/distinfo Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Oct 3 12:24:20 2012 (r305199) +++ head/security/vuxml/vuln.xml Wed Oct 3 12:33:38 2012 (r305200) 
@@ -51,6 +51,42 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="dee44ba9-08ab-11e2-a044-d0df9acfd7e5"> + <topic>OpenX -- SQL injection vulnerability</topic> + <affects> + <package> + <name>openx</name> + <range><le>2.8.10</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/50598/"> + <p>A vulnerability has been discovered in OpenX, which can be + exploited by malicious people to conduct SQL injection + attacks.</p> + <p>Input passed via the "xajaxargs" parameter to + www/admin/updates-history.php (when "xajax" is set to + "expandOSURow") is not properly sanitised in e.g. the + "queryAuditBackupTablesByUpgradeId()" function + (lib/OA/Upgrade/DB_UpgradeAuditor.php) before being used in SQL + queries. This can be exploited to manipulate SQL queries by + injecting arbitrary SQL code.</p> + <p>The vulnerability is confirmed in version 2.8.9. Prior versions + may also be affected.</p> + </blockquote> + </body> + </description> + <references> + <url>http://secunia.com/advisories/50598/</url> + </references> + <dates> + <discovery>2012-09-14</discovery> + <entry>2012-09-27</entry> + </dates> + </vuln> + <vuln vid="5bae2ab4-0820-11e2-be5f-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects> Modified: head/www/openx/Makefile ============================================================================== --- head/www/openx/Makefile Wed Oct 3 12:24:20 2012 (r305199) +++ head/www/openx/Makefile Wed Oct 3 12:33:38 2012 (r305200) 
@@ -1,12 +1,8 @@ -# New ports collection makefile for: openx -# Date created: 13 March 2008 -# Whom: Piotr Rybicki <meritus@innervision.pl> -# +# Created by: Piotr Rybicki <meritus@innervision.pl> # $FreeBSD$ -# PORTNAME= openx -PORTVERSION= 2.8.9 +PORTVERSION= 2.8.10 CATEGORIES= www MASTER_SITES= http://download.openx.org/ Modified: head/www/openx/distinfo ============================================================================== --- head/www/openx/distinfo Wed Oct 3 12:24:20 2012 (r305199) +++ head/www/openx/distinfo Wed Oct 3 12:33:38 2012 (r305200) @@ -1,2 +1,2 @@ -SHA256 (openx-2.8.9.tar.bz2) = b6c9eece311cd33c502cdf3b8b14027dcf72672318cff1adc12a81dedf5352db -SIZE (openx-2.8.9.tar.bz2) = 9616171 +SHA256 (openx-2.8.10.tar.bz2) = 91418dcd3896e19532c4144e5f4c56bcfa49164e3304fa7240f2a1cc8b90bfc2 +SIZE (openx-2.8.10.tar.bz2) = 9787343
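Review bot: In the head/security/vuxml/vuln.xml hunk, the affected range `<range><le>2.8.10</le></range>` includes 2.8.10 itself, but the log says this release fixes the SQL injection and the same commit bumps PORTVERSION to 2.8.10. As written, audit tooling that reads this entry will keep flagging the updated port as vulnerable. If 2.8.10 is the fixed version, the range should be `<lt>2.8.10</lt>`. If 2.8.10 is still affected, the log message should say so instead. Also check `<entry>2012-09-27</entry>`: the entry is being committed on 2012-10-03, and the entry date normally records when the entry was added to vuln.xml.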
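Review bot: In the head/www/openx/Makefile hunk, the header rewrite (dropping the "New ports collection makefile for", "Date created" and "Whom" lines in favour of "Created by:") is bundled with the security version bump and is not mentioned in the log. Add a line to the log noting the header cleanup, or commit it separately, so that the security fix is easy to isolate when someone reviews or merges r305200.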