cvs commit: ports/ports-mgmt/portaudit/files portaudit.pubkey

Simon L. Nielsen simon at FreeBSD.org
Sun Mar 11 22:05:39 UTC 2012


simon       2012-03-11 22:05:39 UTC

  FreeBSD ports repository

  Added files:
    ports-mgmt/portaudit/files portaudit.pubkey 
  Log:
  Portaudit 0.6.0:
  
  Fix remote code execution which can occur with a specially crafted
  audit file.  The attacker would need to get the portaudit(1) to
  download the bad audit database, e.g. by performing a man in the
  middle attack.
  
  Add signature verification of the portaudit database.  The public key
  is for the database generated for portaudit.FreeBSD.org is included
  in the distribution.
  
  (This parts add the portaudit public key missed in initial commit.)
  
  Submitted by:   Michael Gmelin <freebsd at grem.de>
  Reported by:    Michael Gmelin <freebsd at grem.de>, Joerg Scheinert
  Security:       Remote code execution
  Security:       http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
  Feature safe:   yes
  With hat:       so
  
  Revision  Changes    Path
  1.1       +14 -0     ports/ports-mgmt/portaudit/files/portaudit.pubkey (new)


More information about the cvs-all mailing list