portaudit: problem with logic for security/krb5

Peggy Wilkins enlil65 at gmail.com
Sun Aug 15 16:20:53 UTC 2010

Portaudit is flagging security/krb5 as vulnerable, but as far as I can
tell it is incorrect.

capricorn:/usr/ports/security/krb5:19% portaudit -vC
Affected package: krb5-1.8.3 (matched by krb5>=1.7)
Type of problem: krb5 -- KDC double free vulnerability.
Reference: <http://portaudit.FreeBSD.org/86b8b655-4d1a-11df-83fb-0015587e2cc1.html>

Following the reference URL shows that this vulnerability affects krb5
>=1.7 and krb5 <1.8.2, but the ports tree has 1.8.3 so portaudit
should not be showing this port as vulnerable.  Is there a bug in
portaudit or some other problem?

FYI my system is:
FreeBSD capricorn.lib.uchicago.edu 8.0-RELEASE-p4 FreeBSD
8.0-RELEASE-p4 #0: Fri Jul 16 11:53:40 CDT 2010
root at capricorn.lib.uchicago.edu:/usr/obj/usr/src/sys/GENERIC  amd64


More information about the freebsd-ports mailing list