Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 15 Aug 2010 18:09:42 +0100
From:      Shaun Amott <shaun@FreeBSD.org>
To:        Peggy Wilkins <enlil65@gmail.com>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: portaudit: problem with logic for security/krb5
Message-ID:  <20100815170941.GA83438@charon.picobyte.net>
In-Reply-To: <AANLkTikx-2bOfEswwWG2uBYOEWkNZZ=Y-Oo6pGax%2BfTi@mail.gmail.com>
References:  <AANLkTikx-2bOfEswwWG2uBYOEWkNZZ=Y-Oo6pGax%2BfTi@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--ikeVEW9yuYc//A+q
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Aug 15, 2010 at 10:53:54AM -0500, Peggy Wilkins wrote:
>=20
> Portaudit is flagging security/krb5 as vulnerable, but as far as I can
> tell it is incorrect.
>=20
> capricorn:/usr/ports/security/krb5:19% portaudit -vC
> Affected package: krb5-1.8.3 (matched by krb5>=3D1.7)
> Type of problem: krb5 -- KDC double free vulnerability.
> Reference: <http://portaudit.FreeBSD.org/86b8b655-4d1a-11df-83fb-0015587e=
2cc1.html>
>=20
> Following the reference URL shows that this vulnerability affects krb5
> >=3D1.7 and krb5 <1.8.2, but the ports tree has 1.8.3 so portaudit
> should not be showing this port as vulnerable.  Is there a bug in
> portaudit or some other problem?
>=20
> FYI my system is:
> FreeBSD capricorn.lib.uchicago.edu 8.0-RELEASE-p4 FreeBSD
> 8.0-RELEASE-p4 #0: Fri Jul 16 11:53:40 CDT 2010
> root@capricorn.lib.uchicago.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>=20

Looks like the XML was incorrect for this entry. I have now fixed it.
Thanks for the report.

--=20
Shaun Amott // PGP: 0x6B387A9A
"A foolish consistency is the hobgoblin
of little minds." - Ralph Waldo Emerson

--ikeVEW9yuYc//A+q
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAkxoH1UACgkQkmhdCGs4epq17QCg87yv6hv9MVGQoqqQLd8fYPbe
OlkAoLniQglGHoUlOpFv82hGQT4sPqhi
=a/dr
-----END PGP SIGNATURE-----

--ikeVEW9yuYc//A+q--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100815170941.GA83438>