[Bug 245878] security/vuxml ipfw invalid mbuf handling creates false positive with base-audit

bugzilla-noreply at freebsd.org
Fri Apr 24 14:23:17 UTC 2020


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245878

            Bug ID: 245878
           Summary: security/vuxml ipfw invalid mbuf handling creates
                    false positive with base-audit
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-secteam at FreeBSD.org
          Reporter: dvl at FreeBSD.org
             Flags: maintainer-feedback?(ports-secteam at FreeBSD.org)

re https://lists.freebsd.org/pipermail/svn-ports-all/2020-April/249659.html

The FreeBSD-SA-20:10.ipfw entry in vuxml is causing false positives for
security/base-audit.

To reproduce:

freebsd-update fetch install
reboot
pkg install base-audit
add security_status_baseaudit_enable="YES" to /etc/periodic.conf
pkg audit -F
/usr/local/etc/periodic/security/405.pkg-base-audit

$ freebsd-version -uk
12.1-RELEASE-p3
12.1-RELEASE-p4

$ /usr/local/etc/periodic/security/405.pkg-base-audit

Checking for security vulnerabilities in base (userland & kernel):
Host system:
Database fetched: Wed Apr 22 11:30:00 UTC 2020
FreeBSD-kernel-12.1_3 is vulnerable:
FreeBSD -- ipfw invalid mbuf handling
CVE: CVE-2019-15874
CVE: CVE-2019-5614
WWW: https://vuxml.FreeBSD.org/freebsd/33edcc56-83f2-11ea-92ab-00163e433440.html

1 problem(s) in 1 installed package(s) found.
0 problem(s) in 0 installed package(s) found.
