Date: Tue, 14 Sep 2004 14:15:18 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Jeff Aitken <jaitken@aitken.com> Cc: Daniel Rudy <dr2867@pacbell.net> Subject: Re: Kerberos 5 Security Alert? Message-ID: <20040914131518.GG43574@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <20040913223543.GA28187@eagle.aitken.com> References: <41461A28.1060308@pacbell.net> <20040913223543.GA28187@eagle.aitken.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--KR/qxknboQ7+Tpez Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Sep 13, 2004 at 06:35:43PM -0400, Jeff Aitken wrote: > On Mon, Sep 13, 2004 at 03:07:36PM -0700, Daniel Rudy wrote: =20 > > Why wasn't there a FreeBSD security alert for Kerberos 5? =20 >=20 > I may be wrong, but I think that security alerts are issued only > for the base system (i.e., things that are part of FreeBSD proper). > Vulnerabilities that affect ports are documented here: >=20 > http://www.vuxml.org/freebsd/ >=20 > I'm sure someone will correct me if this is wrong. That's correct. The VuXML system is now the standard repositiry for information about security vulnerabilities to do with the ports or the base system. FreeBSD Security Alerts are still being produced when necessary -- which cover the base OS, but alerts or notifications for stuff in ports now use a different mechanism. If you install the security/portaudit port, you'll get a message in your daily system e-mail if you have a vulnerable version of any port installed, together with a link to a page on the FreeBSD site with more details. It will also print out warnings and prevent you from installing a port if there is an outstanding security problem with it. The portaudit port also sets up a local copy of its database of security problems which it updates each night -- I think that originally portaudit and VuXML were quite separate projects, but portaudit now uses VuXML stuff internally. I happen to know that the VuXML data will be appearing in a future release of the freshports.org site as well. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --KR/qxknboQ7+Tpez Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBRu7miD657aJF7eIRAgW/AJ9ctsdiPYsnNAv7qp1TL/Fkb55D4gCcDj2S v1TMw9XIiz+wf+HCZN+aVtw= =YKkZ -----END PGP SIGNATURE----- --KR/qxknboQ7+Tpez--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040914131518.GG43574>