From owner-freebsd-java@FreeBSD.ORG Wed Aug 15 18:20:01 2007
Return-Path:
Delivered-To: freebsd-java@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9064E16A419
	for ; Wed, 15 Aug 2007 18:20:01 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 640FC13C4A6
	for ; Wed, 15 Aug 2007 18:20:01 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l7FIK1lv072185
	for ; Wed, 15 Aug 2007 18:20:01 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l7FIK13m072184;
	Wed, 15 Aug 2007 18:20:01 GMT
	(envelope-from gnats)
Resent-Date: Wed, 15 Aug 2007 18:20:01 GMT
Resent-Message-Id: <200708151820.l7FIK13m072184@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-java@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Ronald Klop"
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ABDC516A419
	for ; Wed, 15 Aug 2007 18:10:37 +0000 (UTC)
	(envelope-from ronald-freebsd8@klop.yi.org)
Received: from smtp-out1.tiscali.nl (smtp-out1.tiscali.nl [195.241.79.176])
	by mx1.freebsd.org (Postfix) with ESMTP id 6E8F113C480
	for ; Wed, 15 Aug 2007 18:10:37 +0000 (UTC)
	(envelope-from ronald-freebsd8@klop.yi.org)
Received: from [82.171.39.195] (helo=guido.klop.ws)
	by smtp-out1.tiscali.nl with smtp (Tiscali http://www.tiscali.nl)
	id 1ILN54-0002sC-1j
	for ; Wed, 15 Aug 2007 19:54:54 +0200
Received: (qmail 50833 invoked from network); 15 Aug 2007 17:54:49 -0000
Received: from localhost (HELO guido.klop.ws) (127.0.0.1)
	by localhost with SMTP; 15 Aug 2007 17:54:49 -0000
Message-Id: <1187200489.50831@guido.klop.ws>
Date: Wed, 15 Aug 2007 19:54:49 +0200
From: "Ronald Klop"
To: "FreeBSD gnats submit"
X-Send-Pr-Version: gtk-send-pr 0.4.8
Cc:
Subject: java/115558: linux-sun-jdk-1.6.0.02 is incorrectly marked as vulnerable
X-BeenThere: freebsd-java@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting Java to FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 15 Aug 2007 18:20:01 -0000

>Number:         115558
>Category:       java
>Synopsis:       linux-sun-jdk-1.6.0.02 is incorrectly marked as vulnerable
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-java
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 15 18:20:00 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Ronald Klop
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
>Environment:

System: FreeBSD 6.2-STABLE #29: Sat Jul 14 14:44:18 CEST 2007
    root@guido.klop.ws:/usr/obj/usr/src/sys/GUIDO

>Description:

I don't know if this is a 'java' issue or a 'ports' issue, sorry if the category is wrong.
But, the port linux-sun-jdk-1.6.0.02 is marked as vulnerable by portaudit/vuxml which is incorrect I think.

# portaudit -adF
auditfile.tbz                                 100% of   43 kB   30 kBps
New database installed.
Database created: Tue Aug 14 01:10:01 CEST 2007
Affected package: linux-sun-jdk-1.6.0.02
Type of problem: jdk -- jar directory traversal .
Reference:

>How-To-Repeat:

install portaudit
try to install linux-sun-jdk-1.6.0; this will not succeed, because portaudit thinks the port is vulnerable

>Fix:

Fix the versions of the vulnerability.

>Release-Note:
>Audit-Trail:
>Unformatted: