From owner-cvs-ports@FreeBSD.ORG Sun Mar 11 22:05:39 2012
Delivered-To: cvs-ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id C1BB7106566B;
	Sun, 11 Mar 2012 22:05:39 +0000 (UTC)
	(envelope-from simon@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 94E398FC14;
	Sun, 11 Mar 2012 22:05:39 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id q2BM5dIm078362;
	Sun, 11 Mar 2012 22:05:39 GMT
	(envelope-from simon@repoman.freebsd.org)
Received: (from simon@localhost)
	by repoman.freebsd.org (8.14.4/8.14.4/Submit) id q2BM5dxa078361;
	Sun, 11 Mar 2012 22:05:39 GMT
	(envelope-from simon)
Message-Id: <201203112205.q2BM5dxa078361@repoman.freebsd.org>
From: "Simon L. Nielsen"
Date: Sun, 11 Mar 2012 22:05:39 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: ports/ports-mgmt/portaudit/files portaudit.pubkey
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the ports tree
X-List-Received-Date: Sun, 11 Mar 2012 22:05:39 -0000

simon       2012-03-11 22:05:39 UTC

  FreeBSD ports repository

  Added files:
    ports-mgmt/portaudit/files portaudit.pubkey
  Log:
  Portaudit 0.6.0:

  Fix remote code execution which can occur with a specially crafted
  audit file.  The attacker would need to get portaudit(1) to
  download the bad audit database, e.g. by performing a
  man-in-the-middle attack.

  Add signature verification of the portaudit database.  The public key
  for the database generated for portaudit.FreeBSD.org is included
  in the distribution.

  (This part adds the portaudit public key missed in the initial commit.)

  Submitted by:   Michael Gmelin
  Reported by:    Michael Gmelin, Joerg Scheinert
  Security:       Remote code execution
  Security:       http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
  Feature safe:   yes
  With hat:       so

  Revision  Changes    Path
  1.1       +14 -0     ports/ports-mgmt/portaudit/files/portaudit.pubkey (new)