Installing jdk on 7-Release: Has known vulnerabilities from 2005?

Torgeir Hoffmann twhoffma at student.matnat.uio.no
Thu Jul 24 00:57:08 UTC 2008


Hi again!

>> when I try to install linux-sun-jdk16 from ports I get:
>>
>> ===>  linux-sun-jdk-1.6.0.07 has known vulnerabilities:
>> => jdk -- jar directory traversal vulnerability.
>>    Reference:
>> <http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html>
>> => Please update your ports tree and try again.
>> *** Error code 1
>>
>> This refers to a vulnerability from 2005 (!). I get the same thing with
>> the 1.5 port.
>> I desperately want to avoid building the native version due to the fact
>> that I have a not that sporty laptop, and the packages from the freebsd
>> foundation is not available yet.
>>
>> I have the latest portsnap port snapshot.
>
> Update your portaudit database.

I did that.

portaudit -Fda

Still, same thing. Thought this was very strange as well.

Anything else that I should have done? (It's probably right in front of me!)

Many thanks,

Torgeir



More information about the freebsd-questions mailing list