On Sun, Aug 15, 2010 at 10:53:54AM -0500, Peggy Wilkins wrote: > > Portaudit is flagging security/krb5 as vulnerable, but as far as I can > tell it is incorrect. > > capricorn:/usr/ports/security/krb5:19% portaudit -vC > Affected package: krb5-1.8.3 (matched by krb5>=1.7) > Type of problem: krb5 -- KDC double free vulnerability. > Reference: > <http://portaudit.FreeBSD.org/86b8b655-4d1a-11df-83fb-0015587e2cc1.html> > > Following the reference URL shows that this vulnerability affects krb5 > >=1.7 and krb5 <1.8.2, but the ports tree has 1.8.3 so portaudit > should not be showing this port as vulnerable. Is there a bug in > portaudit or some other problem? > > FYI my system is: > FreeBSD capricorn.lib.uchicago.edu 8.0-RELEASE-p4 FreeBSD > 8.0-RELEASE-p4 #0: Fri Jul 16 11:53:40 CDT 2010 > [email protected]:/usr/obj/usr/src/sys/GENERIC amd64 >
Looks like the XML was incorrect for this entry. I have now fixed it. Thanks for the report. -- Shaun Amott // PGP: 0x6B387A9A "A foolish consistency is the hobgoblin of little minds." - Ralph Waldo Emerson
pgpk0cahxo5Ul.pgp
Description: PGP signature
