cvs commit: ports/ports-mgmt/portaudit/files portaudit.pubkey
Simon L. Nielsen
simon at FreeBSD.org
Sun Mar 11 22:05:39 UTC 2012
simon 2012-03-11 22:05:39 UTC
FreeBSD ports repository
Added files:
ports-mgmt/portaudit/files portaudit.pubkey
Log:
Portaudit 0.6.0:
Fix remote code execution which can occur with a specially crafted
audit file. The attacker would need to get the portaudit(1) to
download the bad audit database, e.g. by performing a man in the
middle attack.
Add signature verification of the portaudit database. The public key
is for the database generated for portaudit.FreeBSD.org is included
in the distribution.
(This parts add the portaudit public key missed in initial commit.)
Submitted by: Michael Gmelin <freebsd at grem.de>
Reported by: Michael Gmelin <freebsd at grem.de>, Joerg Scheinert
Security: Remote code execution
Security: http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
Feature safe: yes
With hat: so
Revision Changes Path
1.1 +14 -0 ports/ports-mgmt/portaudit/files/portaudit.pubkey (new)
More information about the cvs-ports
mailing list