portaudit reports: how to exclude a specific vulnerability
Daniel Pittman
daniel at rimspace.net
Sun Oct 30 22:45:56 PST 2005
G'day. I am relatively new to FreeBSD, but failed to find an answer to
this question in the handbook, manual pages, or other references about
portaudit:

At the moment, portaudit is reporting one vulnerability on my system,
with the 'p5-Crypt-OpenPGP' package.

There isn't, apparently, a release of this package available that
resolves the issue.

I have checked the advisory and I am quite happy that the specific
problem is not going to hurt here, so I don't mind that the
theoretically vulnerable version is installed.[1]

I can't work out how to tell portaudit to stop bothering me about this
particular vulnerability, though.

Can I ask it to exclude a vulnerability, or (even better) a
vulnerability/package combination, from reports?

I specifically /don't/ want to exclude the package from auditing,
though, since I want to know if another security issue turns up for it.

Thanks,
Daniel

Footnotes:
[1] The specific issue is a cryptographic weakness that needs a
specific and particularly unlikely bit of code written by us before
it actually does anything. Not, as they say, going to happen.