Date: Thu, 15 May 2014 16:11:02 +0300 From: Volodymyr Kostyrko <arcade@b1t.name> To: Alan Hicks <ahicks@p-o.co.uk>, freebsd-ports@freebsd.org Subject: Re: www/openx: CVE-2013-7149 no patch available? Message-ID: <5374BCE6.80503@b1t.name> In-Reply-To: <5369F53A.1050505@p-o.co.uk> References: <53693756.7050306@b1t.name> <5369F53A.1050505@p-o.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
07.05.2014 11:56, Alan Hicks wrote: > On 06/05/2014 20:26, Volodymyr Kostyrko wrote: >> Hi all. >> >> In case anyone is still using www/openx. >> >> Does anyone know about any patches for this issue? Had anyone patched >> openx by himself? >> > > The project has moved to https://github.com/revive-adserver > > Although I have patched my copy of OpenX for both the vulnerability and > PostgreSQL support, there was no interest from the people at > revive-adserver, though they have since patched the vulnerability. > Having almost completed the removal of OpenX from my servers there is > little interest in supporting it. Original patch attached for reference. Thanks, I'll try to move to revive-adserver. Already filed a PR with a new port. -- Sphinx of black quartz, judge my vow.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5374BCE6.80503>