ports/103313: portaudit reports bogus java/diablo-jdk15
vulnerabity due to incorrect pkg naming
Vadim Goncharov
vadimnuclight at tpu.ru
Sat Sep 16 11:47:00 PDT 2006
17.09.06 @ 00:26 Greg Lewis wrote:
> Synopsis: portaudit reports bogus java/diablo-jdk15 vulnerabity due to
> incorrect pkg naming
>
> State-Changed-From-To: open->closed
> State-Changed-By: glewis
> State-Changed-When: Sat Sep 16 17:26:05 UTC 2006
> State-Changed-Why:
> This was fixed by remko@'s recent commit to vuln.xml (rev. 1.1131).
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=103313
That's VERY BAD method of fixing things. Package names should be changed,
not vuln.xml! As cause of illness should always be cured, not the
symptoms. And, after all, even that fix was partial: it fixed only jdk on
fbsd 6 - my fbsd 5 IS STILL "vulnerable". And this is only jdk, but we
have the same problem with jre. And not only for i386, but for amd64 also
- 6 packages total, not 1.
--
WBR, Vadim Goncharov
More information about the freebsd-java
mailing list