Date:      Wed, 8 Sep 2004 16:59:19 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Chris <racerx@makeworld.com>
Cc:        FreeBSD - Questions <freebsd-questions@freebsd.org>
Subject:   Re: Portaudit question
Message-ID:  <20040908155919.GA91355@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <413F1EC3.5010701@makeworld.com>
References:  <413F1EC3.5010701@makeworld.com>

On Wed, Sep 08, 2004 at 10:01:23AM -0500, Chris wrote:
> While running portaudit, I get the complaint;
>
> Affected package: FreeBSD-502010
> Type of problem: multiple vulnerabilities in the cvs server code.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.html>
> Note: To disable this check add the uuid to `portaudit_fixed' in
> /usr/local/etc/portaudit.conf
>
> Am I to assume this is only if you run a cvs server? OR -
> does this relate to the SA's put out earlier this year about the src.

Did you read the referenced portaudit page or any of the links
supplied by it?  There are several vulnerabilities, most of which
affect the CVS server, but one fairly minor that affects the CVS
client.

The FreeBSD advisory SA-04:07.cvs refers to a different problem:

    http://www.vuxml.org/freebsd/0792e7a7-8e37-11d8-90d1-0020ed76ef5a.html
    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc

As you can see, the VuXML entry you're getting warnings about is dated
a month after the security advisory:

    http://www.vuxml.org/freebsd/d2102505-f03d-11d8-81b0-000347a4fa7d.html

However, the update given in the security advisory is to a version of
CVS unaffected by either vulnerability.  Update your system to the
latest patchlevel and the problem will be fixed.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
