svn commit: r305200 - in head: security/vuxml www/openx
Ruslan Mahmatkhanov
rm at FreeBSD.org
Wed Oct 3 12:33:39 UTC 2012
Author: rm
Date: Wed Oct 3 12:33:38 2012
New Revision: 305200
URL: http://svn.freebsd.org/changeset/ports/305200
Log:
- update to 2.8.10
- add vuxml entry
This release fixes an SQL injection vulnerability.
PR: 172114
Submitted by: rm (myself)
Approved by: ports-secteam (eadler)
Security: dee44ba9-08ab-11e2-a044-d0df9acfd7e5
Modified:
head/security/vuxml/vuln.xml
head/www/openx/Makefile
head/www/openx/distinfo
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Oct 3 12:24:20 2012 (r305199)
+++ head/security/vuxml/vuln.xml Wed Oct 3 12:33:38 2012 (r305200)
@@ -51,6 +51,42 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="dee44ba9-08ab-11e2-a044-d0df9acfd7e5">
+ <topic>OpenX -- SQL injection vulnerability</topic>
+ <affects>
+ <package>
+ <name>openx</name>
+ <range><le>2.8.10</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/50598/">
+ <p>A vulnerability has been discovered in OpenX, which can be
+ exploited by malicious people to conduct SQL injection
+ attacks.</p>
+ <p>Input passed via the "xajaxargs" parameter to
+ www/admin/updates-history.php (when "xajax" is set to
+ "expandOSURow") is not properly sanitised in e.g. the
+ "queryAuditBackupTablesByUpgradeId()" function
+ (lib/OA/Upgrade/DB_UpgradeAuditor.php) before being used in SQL
+ queries. This can be exploited to manipulate SQL queries by
+ injecting arbitrary SQL code.</p>
+ <p>The vulnerability is confirmed in version 2.8.9. Prior versions
+ may also be affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://secunia.com/advisories/50598/</url>
+ </references>
+ <dates>
+ <discovery>2012-09-14</discovery>
+ <entry>2012-09-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5bae2ab4-0820-11e2-be5f-00262d5ed8ee">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
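Review bot: The `<range><le>2.8.10</le></range>` in the new openx entry marks 2.8.10 itself as affected, but the log says 2.8.10 is the release that fixes the SQL injection, and the quoted advisory confirms the flaw in 2.8.9. Anyone who upgrades to the fixed port would still be flagged as vulnerable; `<lt>2.8.10</lt>` matches the stated fix. Separately, `<entry>2012-09-27</entry>` predates this commit (2012-10-03), so check that the entry date reflects when the entry was actually added.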
Modified: head/www/openx/Makefile
==============================================================================
--- head/www/openx/Makefile Wed Oct 3 12:24:20 2012 (r305199)
+++ head/www/openx/Makefile Wed Oct 3 12:33:38 2012 (r305200)
@@ -1,12 +1,8 @@
-# New ports collection makefile for: openx
-# Date created: 13 March 2008
-# Whom: Piotr Rybicki <meritus at innervision.pl>
-#
+# Created by: Piotr Rybicki <meritus at innervision.pl>
# $FreeBSD$
-#
PORTNAME= openx
-PORTVERSION= 2.8.9
+PORTVERSION= 2.8.10
CATEGORIES= www
MASTER_SITES= http://download.openx.org/
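Review bot: The header rewrite at the top of the Makefile (replacing the "New ports collection makefile for", "Date created" and "Whom" lines with a single "Created by:" line) is not mentioned in the log, which lists only the update and the vuxml entry. Add a line for it to the log, or commit it separately, so that the security update stays a minimal change that is easy to audit or merge.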
Modified: head/www/openx/distinfo
==============================================================================
--- head/www/openx/distinfo Wed Oct 3 12:24:20 2012 (r305199)
+++ head/www/openx/distinfo Wed Oct 3 12:33:38 2012 (r305200)
@@ -1,2 +1,2 @@
-SHA256 (openx-2.8.9.tar.bz2) = b6c9eece311cd33c502cdf3b8b14027dcf72672318cff1adc12a81dedf5352db
-SIZE (openx-2.8.9.tar.bz2) = 9616171
+SHA256 (openx-2.8.10.tar.bz2) = 91418dcd3896e19532c4144e5f4c56bcfa49164e3304fa7240f2a1cc8b90bfc2
+SIZE (openx-2.8.10.tar.bz2) = 9787343
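Review bot: The new SHA256 and SIZE lines for openx-2.8.10.tar.bz2 are the only integrity check on the tarball, and MASTER_SITES in the Makefile fetches it over plain http from download.openx.org. State in the log or the PR how the checksum was verified, for example against a digest published by upstream over an authenticated channel, so that the recorded hash is not simply that of whatever a single fetch returned.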