On 11 Mar 2012, at 21:59, Olli Hauer wrote: > On 2012-03-11 22:32, Simon L. Nielsen wrote: >> simon 2012-03-11 21:32:58 UTC >> >> FreeBSD ports repository >> >> Modified files: >> ports-mgmt/portaudit Makefile pkg-plist >> ports-mgmt/portaudit/files portaudit-cmd.sh >> Log: >> Portaudit 0.6.0: >> >> Fix remote code execution which can occur with a specially crafted >> audit file. The attacker would need to get the portaudit(1) to >> download the bad audit database, e.g. by performing a man in the >> middle attack. >> >> Add signature verification of the portaudit database. The public key >> is for the database generated for portaudit.FreeBSD.org is included >> in the distribution. >> >> Submitted by: Michael Gmelin <[email protected]> >> Reported by: Michael Gmelin <[email protected]>, Joerg Scheinert >> Security: Remote code execution >> Security: >> http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html >> Feature safe: yes >> With hat: so >> >> Revision Changes Path >> 1.30 +2 -1 ports/ports-mgmt/portaudit/Makefile >> 1.20 +69 -10 ports/ports-mgmt/portaudit/files/portaudit-cmd.sh >> 1.6 +1 -0 ports/ports-mgmt/portaudit/pkg-plist >> >> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/Makefile.diff?&r1=1.29&r2=1.30&f=h >> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/files/portaudit-cmd.sh.diff?&r1=1.19&r2=1.20&f=h >> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/pkg-plist.diff?&r1=1.5&r2=1.6&f=h > > > Hi Simon, > > seems the public key was not committed
Doh, rookie mistake. Thanks! Fixed. > and thanks for removing the annoying ""Vulnerability check disabled ..." > message Np - it has been bugging me for years but not quiet enough... :-) -- Simon L. B. Nielsen _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[email protected]"
