Upgrade port audit now!

[Simon L. B. Nielsen]

Hey,

Bleh, even I forget at times that security@ != freebsd-security@ :-).

Begin forwarded message:

> From: "Simon L. B. Nielsen" <simon at FreeBSD.org>
> Subject: Upgrade port audit now!
> Date: 11 March 2012 21:40:26 GMT
> To: ports at FreeBSD.org, security at FreeBSD.org
> 
> Hey,
> 
> If you have portaudit installed, you should upgrade sooner rather than later!
> 
> Begin forwarded message:
> 
>> From: "Simon L. Nielsen" <simon at FreeBSD.org>
>> Subject: cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist ports/ports-mgmt/portaudit/files portaudit-cmd.sh
>> Date: 11 March 2012 21:32:58 GMT
>> To: ports-committers at FreeBSD.org, cvs-ports at FreeBSD.org, cvs-all at FreeBSD.org
>> 
>> simon       2012-03-11 21:32:58 UTC
>> 
>> FreeBSD ports repository
>> 
>> Modified files:
>>   ports-mgmt/portaudit Makefile pkg-plist 
>>   ports-mgmt/portaudit/files portaudit-cmd.sh 
>> Log:
>> Portaudit 0.6.0:
>> 
>> Fix remote code execution which can occur with a specially crafted
>> audit file.  The attacker would need to get the portaudit(1) to
>> download the bad audit database, e.g. by performing a man in the
>> middle attack.
>> 
>> Add signature verification of the portaudit database.  The public key
>> is for the database generated for portaudit.FreeBSD.org is included
>> in the distribution.
>> 
>> Submitted by:   Michael Gmelin <freebsd at grem.de>
>> Reported by:    Michael Gmelin <freebsd at grem.de>, Joerg Scheinert
>> Security:       Remote code execution
>> Security:       http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
>> Feature safe:   yes
>> With hat:       so
> 
> -- 
> Simon L. B. Nielsen
> FreeBSD Deputy Security Officer
> 
> _______________________________________________________
> Please think twice when forwarding, cc:ing, or bcc:ing
> security-team messages.  Ask if you are unsure.

-- 
Simon L. B. Nielsen
FreeBSD Deputy Security Officer