-rw-r--r--security/vuxml/vuln.xml36
-rw-r--r--www/openx/Makefile8
-rw-r--r--www/openx/distinfo4
3 files changed, 40 insertions, 8 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 0b5798d69026..2524973dba02 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,42 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="dee44ba9-08ab-11e2-a044-d0df9acfd7e5">
+ <topic>OpenX -- SQL injection vulnerability</topic>
+ <affects>
+ <package>
+ <name>openx</name>
+ <range><le>2.8.10</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/50598/">
+ <p>A vulnerability has been discovered in OpenX, which can be
+ exploited by malicious people to conduct SQL injection
+ attacks.</p>
+ <p>Input passed via the "xajaxargs" parameter to
+ www/admin/updates-history.php (when "xajax" is set to
+ "expandOSURow") is not properly sanitised in e.g. the
+ "queryAuditBackupTablesByUpgradeId()" function
+ (lib/OA/Upgrade/DB_UpgradeAuditor.php) before being used in SQL
+ queries. This can be exploited to manipulate SQL queries by
+ injecting arbitrary SQL code.</p>
+ <p>The vulnerability is confirmed in version 2.8.9. Prior versions
+ may also be affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://secunia.com/advisories/50598/</url>
+ </references>
+ <dates>
+ <discovery>2012-09-14</discovery>
+ <entry>2012-09-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5bae2ab4-0820-11e2-be5f-00262d5ed8ee">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
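Review bot: The bound `<range><le>2.8.10</le></range>` in the new openx entry marks 2.8.10 itself as affected, yet this same commit updates www/openx to 2.8.10. If 2.8.10 is the release that fixes the SQL injection, the bound should be exclusive: `<range><lt>2.8.10</lt></range>`. That 2.8.10 is the fix is inferred from the port bump; the quoted advisory only confirms 2.8.9. With the inclusive bound, anything that matches installed packages against this file would keep reporting the freshly updated port as vulnerable. If 2.8.10 is in fact still affected, the entry is right as written, but the commit message should say that the update does not close the issue.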
diff --git a/www/openx/Makefile b/www/openx/Makefile
index 8c6375c6b4e3..79f25cf1f082 100644
--- a/www/openx/Makefile
+++ b/www/openx/Makefile
@@ -1,12 +1,8 @@
-# New ports collection makefile for: openx
-# Date created: 13 March 2008
-# Whom: Piotr Rybicki <meritus@innervision.pl>
-#
+# Created by: Piotr Rybicki <meritus@innervision.pl>
# $FreeBSD$
-#
PORTNAME= openx
-PORTVERSION= 2.8.9
+PORTVERSION= 2.8.10
CATEGORIES= www
MASTER_SITES= http://download.openx.org/
diff --git a/www/openx/distinfo b/www/openx/distinfo
index c25ed1f0d3d3..d58d564ec316 100644
--- a/www/openx/distinfo
+++ b/www/openx/distinfo
@@ -1,2 +1,2 @@
-SHA256 (openx-2.8.9.tar.bz2) = b6c9eece311cd33c502cdf3b8b14027dcf72672318cff1adc12a81dedf5352db
-SIZE (openx-2.8.9.tar.bz2) = 9616171
+SHA256 (openx-2.8.10.tar.bz2) = 91418dcd3896e19532c4144e5f4c56bcfa49164e3304fa7240f2a1cc8b90bfc2
+SIZE (openx-2.8.10.tar.bz2) = 9787343