Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 08 Sep 2004 13:08:56 -0500
From:      Chris <racerx@makeworld.com>
To:        Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc:        FreeBSD - Questions <freebsd-questions@freebsd.org>
Subject:   Re: Portaudit question
Message-ID:  <413F4AB8.3080801@makeworld.com>
In-Reply-To: <20040908155919.GA91355@happy-idiot-talk.infracaninophile.co.uk>
References:  <413F1EC3.5010701@makeworld.com> <20040908155919.GA91355@happy-idiot-talk.infracaninophile.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help 
Matthew Seaman wrote:
> On Wed, Sep 08, 2004 at 10:01:23AM -0500, Chris wrote:
> 
>>While running portaudit, I get the complaint;
>>
>>Affected package: FreeBSD-502010
>>Type of problem: multiple vulnerabilities in the cvs server code.
>>Reference: 
>><http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.html>;
>>Note: To disable this check add the uuid to `portaudit_fixed' in 
>>/usr/local/etc/portaudit.conf
>>
>>Am I to assume this is only if you run a cvs server? OR -
>>does this relate to the SA's put out earlier this year about the src.
> 
> 
> Did you read the referenced portaudit page or any of the links
> supplied by it?  There are several vulnerabilities, most of which
> affect the CVS server, but one fairly minor that affects the CVS
> client.
> 
> The FreeBSD advisory SA-O4:07.cvs refers to a different problem:
> 
>     http://www.vuxml.org/freebsd/0792e7a7-8e37-11d8-90d1-0020ed76ef5a.html
>     ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:07.cvs.asc
> 
> As you can see, the VuXML entry you're getting warnings about is dated
> a month after the security advisory:
> 
>     http://www.vuxml.org/freebsd/d2102505-f03d-11d8-81b0-000347a4fa7d.html
> 
> However, the update given in the security advisory is to a version of
> CVS unaffected by either vulnerability.  Update your system to the
> latest patchlevel and the problem will be fixed.

This has been done, 5.2.1-RELEASE-p9


-- 
Best regards,
Chris

Working capital doesn't.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?413F4AB8.3080801>