From owner-freebsd-questions@FreeBSD.ORG  Thu Jul 24 01:07:47 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 383F81065676
	for <freebsd-questions@freebsd.org>;
	Thu, 24 Jul 2008 01:07:47 +0000 (UTC)
	(envelope-from kris@FreeBSD.org)
Received: from weak.local (freefall.freebsd.org [IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id F01868FC17;
	Thu, 24 Jul 2008 01:07:42 +0000 (UTC)
	(envelope-from kris@FreeBSD.org)
Message-ID: <4887D5E1.9080903@FreeBSD.org>
Date: Thu, 24 Jul 2008 03:07:45 +0200
From: Kris Kennaway <kris@FreeBSD.org>
User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421)
MIME-Version: 1.0
To: twhoffma@student.matnat.uio.no
References: <48764.80.202.85.78.1216849881.squirrel@webmail.uio.no>	<4887AFD4.9000106@FreeBSD.org>
	<49448.80.202.85.78.1216861022.squirrel@webmail.uio.no>
In-Reply-To: <49448.80.202.85.78.1216861022.squirrel@webmail.uio.no>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Installing jdk on 7-Release: Has known vulnerabilities from 
 2005?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jul 2008 01:07:47 -0000

Torgeir Hoffmann wrote:
> Hi again!
> 
>>> when I try to install linux-sun-jdk16 from ports I get:
>>>
>>> ===>  linux-sun-jdk-1.6.0.07 has known vulnerabilities:
>>> => jdk -- jar directory traversal vulnerability.
>>>    Reference:
>>> <http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html>
>>> => Please update your ports tree and try again.
>>> *** Error code 1
>>>
>>> This refers to a vulnerability from 2005 (!). I get the same thing with
>>> the 1.5 port.
>>> I desperately want to avoid building the native version due to the fact
>>> that I have a not that sporty laptop, and the packages from the freebsd
>>> foundation is not available yet.
>>>
>>> I have the latest portsnap port snapshot.
>> Update your portaudit database.
> 
> I did that.
> 
> portaudit -Fda
> 
> Still, same thing. Thought this was very strange as well.
> 
> Anything else that I should have done? (It's probably right in front of me!)

Talk to the port maintainer if you think the vulnerability no longer 
exists, or build with DISABLE_VULNERABILITIES if you choose to override 
the warning.

Kris