Date: Sun, 11 Mar 2012 21:32:58 +0000 (UTC) From: "Simon L. Nielsen" <simon@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist ports/ports-mgmt/portaudit/files portaudit-cmd.sh Message-ID: <201203112132.q2BLWwTZ074498@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
simon 2012-03-11 21:32:58 UTC
FreeBSD ports repository
Modified files:
ports-mgmt/portaudit Makefile pkg-plist
ports-mgmt/portaudit/files portaudit-cmd.sh
Log:
Portaudit 0.6.0:
Fix remote code execution which can occur with a specially crafted
audit file. The attacker would need to get the portaudit(1) to
download the bad audit database, e.g. by performing a man in the
middle attack.
Add signature verification of the portaudit database. The public key
is for the database generated for portaudit.FreeBSD.org is included
in the distribution.
Submitted by: Michael Gmelin <freebsd@grem.de>
Reported by: Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
Security: Remote code execution
Security: http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
Feature safe: yes
With hat: so
Revision Changes Path
1.30 +2 -1 ports/ports-mgmt/portaudit/Makefile
1.20 +69 -10 ports/ports-mgmt/portaudit/files/portaudit-cmd.sh
1.6 +1 -0 ports/ports-mgmt/portaudit/pkg-plist
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201203112132.q2BLWwTZ074498>