From owner-freebsd-security@FreeBSD.ORG Mon May 3 10:59:38 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A0F0D16A4D5; Mon, 3 May 2004 10:59:38 -0700 (PDT) Received: from kraid.nerim.net (smtp-101-monday.nerim.net [62.4.16.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2B87C43D54; Mon, 3 May 2004 10:59:36 -0700 (PDT) (envelope-from artur@pydo.org) Received: from bastion.pydo.net (bastion.pydo.net [62.212.97.116]) by kraid.nerim.net (Postfix) with ESMTP id 0A472412B0; Mon, 3 May 2004 19:59:34 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by bastion.pydo.net (Postfix) with ESMTP id A8A284C2E2; Mon, 3 May 2004 19:59:34 +0200 (CEST) Received: from bastion.pydo.net ([127.0.0.1]) by localhost (fw.pydo.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 15471-01-5; Mon, 3 May 2004 19:59:31 +0200 (CEST) Received: from pydo.org (univers.ipv6.pydo.org [IPv6:2001:618:472:0:250:8dff:fea5:1452]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by bastion.pydo.net (Postfix) with ESMTP id 5811D4C2EA; Mon, 3 May 2004 19:59:31 +0200 (CEST) Message-ID: <40968883.3070103@pydo.org> Date: Mon, 03 May 2004 19:59:31 +0200 From: Artur Pydo User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040113 X-Accept-Language: fr-fr, fr, en-us, en MIME-Version: 1.0 To: "Jacques A. Vidrine" References: <40965500.4040205@pydo.org> <20040503144335.GA15293@madman.celabo.org> In-Reply-To: <20040503144335.GA15293@madman.celabo.org> X-Enigmail-Version: 0.83.1.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at pydo.net cc: freebsd-security@freebsd.org Subject: Re: Bad VuXML check on PNG port ? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 May 2004 17:59:38 -0000 Hello, Jacques A. Vidrine wrote: > The VuXML document needed to be updated after ache@ made the fix. > I've done so now. Yes but the file located at : ftp://ftp.freebsd.org/pub/FreeBSD/ports/local-distfiles/eik/auditfile.tbz has not been updated and it works as the reference database for portaudit and, i suppose, for the pkg_install-base-devel ports. Nothing has changed for me even after updating the ports tree and the portaudit reference file. I know that there is a workaround modifying 'auditfile' by hand as it is a ascii file. I suggest that in future one avoid setting vulnerable versions as > 0 because the update fails as long as the reference file has not been updated with the correct vulnerable port later. In this case it would be much more efficient to set 'png<1.2.5_3' from the beginning. Thanks for your help. -- Best regards, Artur Pydo.