cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist
ports/ports-mgmt/portaudit/files portaudit-cmd.sh
Simon L. B. Nielsen
simon at FreeBSD.org
Sun Mar 11 22:06:37 UTC 2012
On 11 Mar 2012, at 21:59, Olli Hauer wrote:
> On 2012-03-11 22:32, Simon L. Nielsen wrote:
>> simon 2012-03-11 21:32:58 UTC
>>
>> FreeBSD ports repository
>>
>> Modified files:
>> ports-mgmt/portaudit Makefile pkg-plist
>> ports-mgmt/portaudit/files portaudit-cmd.sh
>> Log:
>> Portaudit 0.6.0:
>>
>> Fix remote code execution which can occur with a specially crafted
>> audit file. The attacker would need to get the portaudit(1) to
>> download the bad audit database, e.g. by performing a man in the
>> middle attack.
>>
>> Add signature verification of the portaudit database. The public key
>> is for the database generated for portaudit.FreeBSD.org is included
>> in the distribution.
>>
>> Submitted by: Michael Gmelin <freebsd at grem.de>
>> Reported by: Michael Gmelin <freebsd at grem.de>, Joerg Scheinert
>> Security: Remote code execution
>> Security: http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
>> Feature safe: yes
>> With hat: so
>>
>> Revision Changes Path
>> 1.30 +2 -1 ports/ports-mgmt/portaudit/Makefile
>> 1.20 +69 -10 ports/ports-mgmt/portaudit/files/portaudit-cmd.sh
>> 1.6 +1 -0 ports/ports-mgmt/portaudit/pkg-plist
>>
>> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/Makefile.diff?&r1=1.29&r2=1.30&f=h
>> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/files/portaudit-cmd.sh.diff?&r1=1.19&r2=1.20&f=h
>> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/pkg-plist.diff?&r1=1.5&r2=1.6&f=h
>
>
> Hi Simon,
>
> seems the public key was not committed
Doh, rookie mistake. Thanks! Fixed.
> and thanks for removing the annoying ""Vulnerability check disabled ..." message
Np - it has been bugging me for years but not quiet enough... :-)
--
Simon L. B. Nielsen
More information about the cvs-ports
mailing list