From: Peggy Wilkins
To: freebsd-ports@freebsd.org
Date: Sun, 15 Aug 2010 10:53:54 -0500
Subject: portaudit: problem with logic for security/krb5

Portaudit is flagging security/krb5 as vulnerable, but as far as I can tell it is incorrect.

capricorn:/usr/ports/security/krb5:19% portaudit -vC

Affected package: krb5-1.8.3 (matched by krb5>=1.7)
Type of problem: krb5 -- KDC double free vulnerability.
Reference:

Following the reference URL shows that this vulnerability affects krb5 >=1.7 and krb5 <1.8.2, but the ports tree has 1.8.3 so portaudit should not be showing this port as vulnerable.

Is there a bug in portaudit or some other problem?

FYI my system is:

FreeBSD capricorn.lib.uchicago.edu 8.0-RELEASE-p4 FreeBSD 8.0-RELEASE-p4 #0: Fri Jul 16 11:53:40 CDT 2010 root@capricorn.lib.uchicago.edu:/usr/obj/usr/src/sys/GENERIC amd64

--plw
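An added example, not part of the original message and not portaudit's own code: a small matcher showing how a pattern with only a lower bound flags krb5-1.8.3 while a pattern carrying both bounds does not. The two-bound pattern `krb5>=1.7<1.8.2` is constructed from the range stated in the message, and version comparison is simplified to dotted numbers.

```python
import re

# Simplified model: dotted numeric versions only. Real FreeBSD version
# comparison also handles PORTREVISION ("_N") and PORTEPOCH (",N").
def parse_version(text):
    return tuple(int(part) for part in text.split("."))

def compare(a, b):
    """Return -1, 0 or 1, padding the shorter version with zeros."""
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)

CHECKS = {
    ">=": lambda c: c >= 0,
    "<=": lambda c: c <= 0,
    ">": lambda c: c > 0,
    "<": lambda c: c < 0,
    "=": lambda c: c == 0,
}
PATTERN_RE = re.compile(r"^([^<>=]+)((?:(?:>=|<=|>|<|=)\d+(?:\.\d+)*)+)$")
BOUND_RE = re.compile(r"(>=|<=|>|<|=)(\d+(?:\.\d+)*)")

def parse_pattern(pattern):
    """Split 'name>=lo<hi' into the name and a list of (operator, version)."""
    m = PATTERN_RE.match(pattern)
    if not m:
        raise ValueError("unsupported pattern: %r" % pattern)
    name, rest = m.groups()
    return name, [(op, parse_version(v)) for op, v in BOUND_RE.findall(rest)]

def matches(package, pattern):
    """True when the installed package satisfies every bound in the pattern."""
    pkg_name, _, pkg_version = package.rpartition("-")
    name, bounds = parse_pattern(pattern)
    if pkg_name != name:
        return False
    version = parse_version(pkg_version)
    return all(CHECKS[op](compare(version, bound)) for op, bound in bounds)

def audit(package, patterns):
    """Return the patterns that flag the package."""
    return [p for p in patterns if matches(package, p)]

if __name__ == "__main__":
    # Constructed patterns: the one from the portaudit output and a bounded one.
    for pattern in ("krb5>=1.7", "krb5>=1.7<1.8.2"):
        print(pattern, "->", matches("krb5-1.8.3", pattern))
```
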