ports/159736: sysutils/dtc: many security issues
Ansgar Burchardt
ansgar at debian.org
Sat Aug 13 09:40:04 UTC 2011
>Number: 159736
>Category: ports
>Synopsis: sysutils/dtc: many security issues
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 13 09:40:03 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Ansgar Burchardt
>Release:
>Organization:
>Environment:
>Description:
The FreeBSD ports collection appears to distribute dtc/0.32.0.1 which has many security issues allowing full access even without an account.
These include CVE-2011-0434, CVE-2011-0435, CVE-2011-0436, CVE-2011-0437[1].
Please be also aware of current issues[2].
Regards,
Ansgar
[1] <http://www.debian.org/security/2011/dsa-2179>
[2] <http://seclists.org/oss-sec/2011/q3/326>
<http://bugs.debian.org/src:dtc>
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list