Date:      Wed, 15 Aug 2007 19:54:49 +0200
From:      "Ronald Klop" <ronald-freebsd8@klop.yi.org>
To:        "FreeBSD gnats submit" <FreeBSD-gnats-submit@FreeBSD.org>
Subject:   java/115558: linux-sun-jdk-1.6.0.02 is incorrectly marked as vulnerable
Message-ID:  <1187200489.50831@guido.klop.ws>
Resent-Message-ID: <200708151820.l7FIK13m072184@freefall.freebsd.org>


>Number:         115558
>Category:       java
>Synopsis:       linux-sun-jdk-1.6.0.02 is incorrectly marked as vulnerable
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-java
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 15 18:20:00 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Ronald Klop
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
>Environment:


System: FreeBSD 6.2-STABLE #29: Sat Jul 14 14:44:18 CEST 2007
    root@guido.klop.ws:/usr/obj/usr/src/sys/GUIDO



>Description:


I don't know if this is a 'java' issue or a 'ports' issue; sorry if the category is wrong.

But the port linux-sun-jdk-1.6.0.02 is marked as vulnerable by portaudit/vuxml, which is incorrect, I think.

# portaudit -adF
auditfile.tbz                                 100% of   43 kB   30 kBps
New database installed.
Database created: Tue Aug 14 01:10:01 CEST 2007
Affected package: linux-sun-jdk-1.6.0.02
Type of problem: jdk -- jar directory traversal 	.
Reference: <http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html>


>How-To-Repeat:


install portaudit
try to install linux-sun-jdk-1.6.0; this will not succeed, because portaudit thinks the port is vulnerable



>Fix:


Fix the versions of the vulnerability.


>Release-Note:
>Audit-Trail:
>Unformatted:


