Date: Sun, 11 Mar 2012 22:05:39 +0000 (UTC) From: "Simon L. Nielsen" <simon@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/ports-mgmt/portaudit/files portaudit.pubkey Message-ID: <201203112205.q2BM5dxa078361@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
simon 2012-03-11 22:05:39 UTC
FreeBSD ports repository
Added files:
ports-mgmt/portaudit/files portaudit.pubkey
Log:
Portaudit 0.6.0:
Fix remote code execution which can occur with a specially crafted
audit file. The attacker would need to get the portaudit(1) to
download the bad audit database, e.g. by performing a man in the
middle attack.
Add signature verification of the portaudit database. The public key
is for the database generated for portaudit.FreeBSD.org is included
in the distribution.
(This parts add the portaudit public key missed in initial commit.)
Submitted by: Michael Gmelin <freebsd@grem.de>
Reported by: Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
Security: Remote code execution
Security: http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
Feature safe: yes
With hat: so
Revision Changes Path
1.1 +14 -0 ports/ports-mgmt/portaudit/files/portaudit.pubkey (new)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201203112205.q2BM5dxa078361>