cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist
ports/ports-mgmt/portaudit/files portaudit-cmd.sh
Olli Hauer
ohauer at FreeBSD.org
Sun Mar 11 21:59:38 UTC 2012
On 2012-03-11 22:32, Simon L. Nielsen wrote:
> simon 2012-03-11 21:32:58 UTC
>
> FreeBSD ports repository
>
> Modified files:
> ports-mgmt/portaudit Makefile pkg-plist
> ports-mgmt/portaudit/files portaudit-cmd.sh
> Log:
> Portaudit 0.6.0:
>
> Fix remote code execution which can occur with a specially crafted
> audit file. The attacker would need to get the portaudit(1) to
> download the bad audit database, e.g. by performing a man in the
> middle attack.
>
> Add signature verification of the portaudit database. The public key
> is for the database generated for portaudit.FreeBSD.org is included
> in the distribution.
>
> Submitted by: Michael Gmelin <freebsd at grem.de>
> Reported by: Michael Gmelin <freebsd at grem.de>, Joerg Scheinert
> Security: Remote code execution
> Security: http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
> Feature safe: yes
> With hat: so
>
> Revision Changes Path
> 1.30 +2 -1 ports/ports-mgmt/portaudit/Makefile
> 1.20 +69 -10 ports/ports-mgmt/portaudit/files/portaudit-cmd.sh
> 1.6 +1 -0 ports/ports-mgmt/portaudit/pkg-plist
>
> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/Makefile.diff?&r1=1.29&r2=1.30&f=h
> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/files/portaudit-cmd.sh.diff?&r1=1.19&r2=1.20&f=h
> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/pkg-plist.diff?&r1=1.5&r2=1.6&f=h
>
Hi Simon,
seems the public key was not committed.
and thanks for removing the annoying ""Vulnerability check disabled ..." message
More information about the cvs-ports
mailing list