Date:      Mon, 31 Oct 2005 17:45:45 +1100
From:      Daniel Pittman <daniel@rimspace.net>
To:        freebsd-questions@freebsd.org
Subject:   portaudit reports: how to exclude a specific vulnerability
Message-ID:  <87oe56rxpi.fsf@rimspace.net>


G'day.  I am relatively new to FreeBSD, but failed to find an answer to
this question in the handbook, manual pages, or other references about
portaudit:

At the moment, portaudit is reporting one vulnerability on my system,
with the 'p5-Crypt-OpenPGP' package.  

There isn't, apparently, a release of this package available that
resolves the issue.

I have checked the advisory and I am quite happy that the specific
problem is not going to hurt here, so I don't mind that the
theoretically vulnerable version is installed.[1]

I can't work out how to tell portaudit to stop bothering me about this
particular vulnerability, though.  

Can I ask it to exclude a vulnerability, or (even better) a
vulnerability/package combination, from reports?


I specifically /don't/ want to exclude the package from auditing,
though, since I want to know if another security issue turns up for it.

Thanks,
       Daniel

Footnotes: 
[1]  The specific issue is a cryptographic weakness that needs a
     specific and particularly unlikely bit of code written by us before
     it actually does anything.  Not, as they say, going to happen.


