portaudit: problem with logic for security/krb5

Peggy Wilkins enlil65 at gmail.com
Sun Aug 15 16:20:53 UTC 2010


Portaudit is flagging security/krb5 as vulnerable, but as far as I can
tell it is incorrect.

capricorn:/usr/ports/security/krb5:19% portaudit -vC
Affected package: krb5-1.8.3 (matched by krb5>=1.7)
Type of problem: krb5 -- KDC double free vulnerability.
Reference: <http://portaudit.FreeBSD.org/86b8b655-4d1a-11df-83fb-0015587e2cc1.html>

Following the reference URL shows that this vulnerability affects
krb5 >=1.7 and krb5 <1.8.2, but the ports tree has 1.8.3 so portaudit
should not be showing this port as vulnerable.  Is there a bug in
portaudit or some other problem?

FYI my system is:
FreeBSD capricorn.lib.uchicago.edu 8.0-RELEASE-p4 FreeBSD
8.0-RELEASE-p4 #0: Fri Jul 16 11:53:40 CDT 2010
root at capricorn.lib.uchicago.edu:/usr/obj/usr/src/sys/GENERIC  amd64

  --plw
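
The range check discussed in the message above, as an added example that is not part of the original post and is not portaudit's own code: it shows why krb5-1.8.3 matches when only the lower bound is evaluated and does not match once the upper bound is applied too. The pattern strings are constructed in the style of the "matched by" output, and the version comparison is simplified to dotted numeric versions.

```python
import re

OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
       ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
       "=": lambda a, b: a == b}
BOUND_RE = re.compile(r"(<=|>=|<|>|=)([0-9.]+)")

def parse_version(text):
    # Assumption: dotted numeric versions only; PORTREVISION (_N) and
    # PORTEPOCH (,N) suffixes are not handled in this sketch.
    return tuple(int(part) for part in text.split("."))

def parse_pattern(pattern):
    """Split 'krb5>=1.7<1.8.2' into ('krb5', [('>=', '1.7'), ('<', '1.8.2')])."""
    first = re.search(r"[<>=]", pattern)
    if first is None:
        raise ValueError("pattern has no version bound: %r" % pattern)
    name, rest = pattern[:first.start()], pattern[first.start():]
    bounds = BOUND_RE.findall(rest)
    # Refuse partially parsed input so a bound is never silently dropped.
    if "".join(op + ver for op, ver in bounds) != rest:
        raise ValueError("unparsed text in pattern: %r" % pattern)
    return name, bounds

def satisfies(version, op, bound):
    a, b = parse_version(version), parse_version(bound)
    width = max(len(a), len(b))          # pad so 1.8 compares equal to 1.8.0
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return OPS[op](a, b)

def affected(package, pattern):
    """True only if the package name matches and every bound holds."""
    name, _, version = package.rpartition("-")
    pat_name, bounds = parse_pattern(pattern)
    return name == pat_name and all(satisfies(version, op, b) for op, b in bounds)

if __name__ == "__main__":
    # Constructed patterns: the first is the one-sided match portaudit printed,
    # the second is the two-sided range described on the reference page.
    for pattern in ("krb5>=1.7", "krb5>=1.7<1.8.2"):
        for package in ("krb5-1.6.3", "krb5-1.8.1", "krb5-1.8.3"):
            print(package, pattern, affected(package, pattern))
```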

