Date:      Mon, 31 Oct 2005 17:45:45 +1100
From:      Daniel Pittman <daniel@rimspace.net>
To:        freebsd-questions@freebsd.org
Subject:   portaudit reports: how to exclude a specific vulnerability
Message-ID:  <87oe56rxpi.fsf@rimspace.net>

G'day.  I am relatively new to FreeBSD, but failed to find an answer to
this question in the handbook, manual pages, or other references about
portaudit:

At the moment, portaudit is reporting one vulnerability on my system,
with the 'p5-Crypt-OpenPGP' package.  

There isn't, apparently, a release of this package available that
resolves the issue.

I have checked the advisory and I am quite happy that the specific
problem is not going to hurt here, so I don't mind that the
theoretically vulnerable version is installed.[1]

I can't work out how to tell portaudit to stop bothering me about this
particular vulnerability, though.  

Can I ask it to exclude a vulnerability, or (even better) a
vulnerability/package combination, from reports?


I specifically /don't/ want to exclude the package from auditing,
though, since I want to know if another security issue turns up for it.

Thanks,
       Daniel

Footnotes: 
[1]  The specific issue is a cryptographic weakness that needs a
     specific and particularly unlikely bit of code written by us before
     it actually does anything.  Not, as they say, going to happen.



