Date: Sun, 15 Aug 2010 18:09:42 +0100 From: Shaun Amott <shaun@FreeBSD.org> To: Peggy Wilkins <enlil65@gmail.com> Cc: freebsd-ports@freebsd.org Subject: Re: portaudit: problem with logic for security/krb5 Message-ID: <20100815170941.GA83438@charon.picobyte.net> In-Reply-To: <AANLkTikx-2bOfEswwWG2uBYOEWkNZZ=Y-Oo6pGax%2BfTi@mail.gmail.com> References: <AANLkTikx-2bOfEswwWG2uBYOEWkNZZ=Y-Oo6pGax%2BfTi@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--ikeVEW9yuYc//A+q Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Aug 15, 2010 at 10:53:54AM -0500, Peggy Wilkins wrote: >=20 > Portaudit is flagging security/krb5 as vulnerable, but as far as I can > tell it is incorrect. >=20 > capricorn:/usr/ports/security/krb5:19% portaudit -vC > Affected package: krb5-1.8.3 (matched by krb5>=3D1.7) > Type of problem: krb5 -- KDC double free vulnerability. > Reference: <http://portaudit.FreeBSD.org/86b8b655-4d1a-11df-83fb-0015587e= 2cc1.html> >=20 > Following the reference URL shows that this vulnerability affects krb5 > >=3D1.7 and krb5 <1.8.2, but the ports tree has 1.8.3 so portaudit > should not be showing this port as vulnerable. Is there a bug in > portaudit or some other problem? >=20 > FYI my system is: > FreeBSD capricorn.lib.uchicago.edu 8.0-RELEASE-p4 FreeBSD > 8.0-RELEASE-p4 #0: Fri Jul 16 11:53:40 CDT 2010 > root@capricorn.lib.uchicago.edu:/usr/obj/usr/src/sys/GENERIC amd64 >=20 Looks like the XML was incorrect for this entry. I have now fixed it. Thanks for the report. --=20 Shaun Amott // PGP: 0x6B387A9A "A foolish consistency is the hobgoblin of little minds." - Ralph Waldo Emerson --ikeVEW9yuYc//A+q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEARECAAYFAkxoH1UACgkQkmhdCGs4epq17QCg87yv6hv9MVGQoqqQLd8fYPbe OlkAoLniQglGHoUlOpFv82hGQT4sPqhi =a/dr -----END PGP SIGNATURE----- --ikeVEW9yuYc//A+q--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100815170941.GA83438>