From: Matthew Seaman
To: Jeff Aitken
Cc: freebsd-security@freebsd.org, Daniel Rudy
Date: Tue, 14 Sep 2004 14:15:18 +0100
Subject: Re: Kerberos 5 Security Alert?
Message-ID: <20040914131518.GG43574@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20040913223543.GA28187@eagle.aitken.com>
References: <41461A28.1060308@pacbell.net> <20040913223543.GA28187@eagle.aitken.com>

On Mon, Sep 13, 2004 at 06:35:43PM -0400, Jeff Aitken wrote:
> On Mon, Sep 13, 2004 at 03:07:36PM -0700, Daniel Rudy wrote:
> > Why wasn't there a FreeBSD security alert for Kerberos 5?
>
> I may be wrong, but I think that security alerts are issued only
> for the base system (i.e., things that are part of FreeBSD proper).
> Vulnerabilities that affect ports are documented here:
>
> http://www.vuxml.org/freebsd/
>
> I'm sure someone will correct me if this is wrong.

That's correct. The VuXML system is now the standard repository for
information about security vulnerabilities to do with the ports or the
base system. FreeBSD Security Alerts are still being produced when
necessary -- which cover the base OS, but alerts or notifications for
stuff in ports now use a different mechanism.

If you install the security/portaudit port, you'll get a message in
your daily system e-mail if you have a vulnerable version of any port
installed, together with a link to a page on the FreeBSD site with
more details. It will also print out warnings and prevent you from
installing a port if there is an outstanding security problem with it.

The portaudit port also sets up a local copy of its database of
security problems which it updates each night -- I think that
originally portaudit and VuXML were quite separate projects, but
portaudit now uses VuXML stuff internally.

I happen to know that the VuXML data will be appearing in a future
release of the freshports.org site as well.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614