Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 11 Mar 2012 21:30:49 +0000 (UTC)
From:      "Simon L. Nielsen" <simon@FreeBSD.org>
To:        ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: ports/Mk bsd.port.mk
Message-ID:  <201203112130.q2BLUn1c074333@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
simon       2012-03-11 21:30:49 UTC

  FreeBSD ports repository

  Modified files:
    Mk                   bsd.port.mk 
  Log:
  Make bsd.port.mk not parse port audit's auditfile directly to
  check for vulnerabilities, but call portaudit instead.
  
  This fixes a remote command execution vulnerability for users who have
  portaudit installed.
  
  While changing the code anyway, remove the annoying and very verbose
  "Vulnerability check disabled, database not found" warning.
  
  Security:       Remote code execution
  Security:       http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
  Approved by:    portmgr
  Feature safe:   yes (or at least approved)
  With hat:       so
  
  Revision  Changes    Path
  1.707     +6 -15     ports/Mk/bsd.port.mk



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201203112130.q2BLUn1c074333>