Date:      Sun, 11 Mar 2012 22:59:34 +0100
From:      Olli Hauer <ohauer@FreeBSD.org>
To:        "Simon L. Nielsen" <simon@FreeBSD.org>
Cc:        cvs-ports@freebsd.org, cvs-all@freebsd.org
Subject:   Re: cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist ports/ports-mgmt/portaudit/files portaudit-cmd.sh
Message-ID:  <4F5D2046.4030309@FreeBSD.org>
In-Reply-To: <201203112132.q2BLWwTZ074498@repoman.freebsd.org>
References:  <201203112132.q2BLWwTZ074498@repoman.freebsd.org>

On 2012-03-11 22:32, Simon L. Nielsen wrote:
> simon       2012-03-11 21:32:58 UTC
> 
>   FreeBSD ports repository
> 
>   Modified files:
>     ports-mgmt/portaudit Makefile pkg-plist 
>     ports-mgmt/portaudit/files portaudit-cmd.sh 
>   Log:
>   Portaudit 0.6.0:
>   
>   Fix remote code execution which can occur with a specially crafted
>   audit file.  The attacker would need to get the portaudit(1) to
>   download the bad audit database, e.g. by performing a man in the
>   middle attack.
>   
>   Add signature verification of the portaudit database.  The public key
>   for the database generated for portaudit.FreeBSD.org is included
>   in the distribution.
>   
>   Submitted by:   Michael Gmelin <freebsd@grem.de>
>   Reported by:    Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
>   Security:       Remote code execution
>   Security:       http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
>   Feature safe:   yes
>   With hat:       so
>   
>   Revision  Changes    Path
>   1.30      +2 -1      ports/ports-mgmt/portaudit/Makefile
>   1.20      +69 -10    ports/ports-mgmt/portaudit/files/portaudit-cmd.sh
>   1.6       +1 -0      ports/ports-mgmt/portaudit/pkg-plist
> 
> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/Makefile.diff?&r1=1.29&r2=1.30&f=h
> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/files/portaudit-cmd.sh.diff?&r1=1.19&r2=1.20&f=h
> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/pkg-plist.diff?&r1=1.5&r2=1.6&f=h
> 


Hi Simon,

seems the public key was not committed.

and thanks for removing the annoying "Vulnerability check disabled ..." message


