From owner-freebsd-questions@FreeBSD.ORG  Mon May 19 17:47:30 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 0941BEEA
 for <freebsd-questions@freebsd.org>; Mon, 19 May 2014 17:47:30 +0000 (UTC)
Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173])
 by mx1.freebsd.org (Postfix) with ESMTP id D693823EA
 for <freebsd-questions@freebsd.org>; Mon, 19 May 2014 17:47:29 +0000 (UTC)
Received: from lowell-desk.lan (lowell-desk.lan [172.30.250.41])
 by be-well.ilk.org (Postfix) with ESMTP id 9B93633C1E;
 Mon, 19 May 2014 13:47:18 -0400 (EDT)
Received: by lowell-desk.lan (Postfix, from userid 1147)
 id 6F02B3984E; Mon, 19 May 2014 13:47:16 -0400 (EDT)
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: Walter Hurry <walterhurry@gmail.com>
Subject: Re: Can't reinstall linux-f10-openldap
References: <llde5k$v9g$1@ger.gmane.org>
Reply-To: freebsd-questions@freebsd.org
Date: Mon, 19 May 2014 13:47:16 -0400
In-Reply-To: <llde5k$v9g$1@ger.gmane.org> (Walter Hurry's message of "Mon, 19
 May 2014 17:14:28 +0000 (UTC)")
Message-ID: <44k39h7ja3.fsf@lowell-desk.lan>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 May 2014 17:47:30 -0000

Walter Hurry <walterhurry@gmail.com> writes:

> I'm trying to reinstall net/linux-f10-openldap, but am being prevented 
> from doing so.
>
> ------------------------------------------------------------
> ===>  linux-f10-openldap-2.4.12_1 has known vulnerabilities:
> linux-f10-openldap-2.4.12_1 is vulnerable:
> OpenLDAP -- incorrect handling of NULL in certificate Common Name
> CVE: CVE-2009-3767
> WWW: http://portaudit.FreeBSD.org/abad20bf-c1b4-11e3-
> a5ac-001b21614864.html
> => Please update your ports tree and try again.
> *** [check-vulnerable] Error code 1
>
> Stop in /usr/ports/net/linux-f10-openldap.
> ------------------------------------------------------------
>
> The portaudit web page says that there is indeed a vulnerability in this 
> version, but it is the latest version available in the ports tree.
>
> Is there any way around this?

The only options are the obvious ones:

 1) Override the vulnerability warning and install anyway.
 2) Wait for somebody else to commit a non-vulnerable port.
 3) Create a non-vulnerable port yourself.

Updating the Linux emulation can be tricky, because you never know when
a new version of a program will start using a Linux kernel feature that
we don't emulate. I'm not up-to-date on future directions of the
Linuxulator; there are several linux-base sets these days.