On 2012-03-11 22:32, Simon L. Nielsen wrote: > simon 2012-03-11 21:32:58 UTC > > FreeBSD ports repository > > Modified files: > ports-mgmt/portaudit Makefile pkg-plist > ports-mgmt/portaudit/files portaudit-cmd.sh > Log: > Portaudit 0.6.0: > > Fix remote code execution which can occur with a specially crafted > audit file. The attacker would need to get the portaudit(1) to > download the bad audit database, e.g. by performing a man in the > middle attack. > > Add signature verification of the portaudit database. The public key > is for the database generated for portaudit.FreeBSD.org is included > in the distribution. > > Submitted by: Michael Gmelin <[email protected]> > Reported by: Michael Gmelin <[email protected]>, Joerg Scheinert > Security: Remote code execution > Security: > http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html > Feature safe: yes > With hat: so > > Revision Changes Path > 1.30 +2 -1 ports/ports-mgmt/portaudit/Makefile > 1.20 +69 -10 ports/ports-mgmt/portaudit/files/portaudit-cmd.sh > 1.6 +1 -0 ports/ports-mgmt/portaudit/pkg-plist > > http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/Makefile.diff?&r1=1.29&r2=1.30&f=h > http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/files/portaudit-cmd.sh.diff?&r1=1.19&r2=1.20&f=h > http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/pkg-plist.diff?&r1=1.5&r2=1.6&f=h >
Hi Simon, seems the public key was not committed. and thanks for removing the annoying ""Vulnerability check disabled ..." message _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[email protected]"
