portaudit: problem with logic for security/krb5

Shaun Amott shaun at FreeBSD.org
Sun Aug 15 17:15:10 UTC 2010


On Sun, Aug 15, 2010 at 10:53:54AM -0500, Peggy Wilkins wrote:
> 
> Portaudit is flagging security/krb5 as vulnerable, but as far as I can
> tell it is incorrect.
> 
> capricorn:/usr/ports/security/krb5:19% portaudit -vC
> Affected package: krb5-1.8.3 (matched by krb5>=1.7)
> Type of problem: krb5 -- KDC double free vulnerability.
> Reference: <http://portaudit.FreeBSD.org/86b8b655-4d1a-11df-83fb-0015587e2cc1.html>
> 
> Following the reference URL shows that this vulnerability affects krb5
> >=1.7 and krb5 <1.8.2, but the ports tree has 1.8.3 so portaudit
> should not be showing this port as vulnerable.  Is there a bug in
> portaudit or some other problem?
> 
> FYI my system is:
> FreeBSD capricorn.lib.uchicago.edu 8.0-RELEASE-p4 FreeBSD
> 8.0-RELEASE-p4 #0: Fri Jul 16 11:53:40 CDT 2010
> root at capricorn.lib.uchicago.edu:/usr/obj/usr/src/sys/GENERIC  amd64
> 

Looks like the XML was incorrect for this entry. I have now fixed it.
Thanks for the report.

-- 
Shaun Amott // PGP: 0x6B387A9A
"A foolish consistency is the hobgoblin
of little minds." - Ralph Waldo Emerson
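
The false positive reported in this thread, as an added example that is not part of the original messages and is not portaudit's own code: a simplified matcher showing why a pattern with only a lower bound (`krb5>=1.7`, as in the portaudit output above) flags 1.8.3, while a pattern with both bounds does not. The bounded pattern string is constructed from the ranges quoted in the report, and the function names and the dotted-numeric version handling are assumptions.

```python
import re

# Added illustration; simplified, not portaudit's matching logic.
PATTERN_RE = re.compile(r"^(?P<name>[^<>=]+)(?P<conds>(?:(?:>=|<=|>|<|=)[0-9.]+)+)$")
COND_RE = re.compile(r"(>=|<=|>|<|=)([0-9.]+)")

OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "=": lambda a, b: a == b,
}


def parse_version(text):
    # Assumption: plain dotted-numeric versions only. Real port versions can
    # also carry a revision ("_1") or an epoch (",1"), which are ignored here.
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # treat 1.8 and 1.8.0 as the same version
    return tuple(parts)


def matches(pattern, package):
    """True if 'name-version' satisfies every condition in the pattern."""
    m = PATTERN_RE.match(pattern)
    if not m:
        raise ValueError("unparseable pattern: %r" % pattern)
    name, _, version = package.rpartition("-")
    if name != m["name"]:
        return False
    have = parse_version(version)
    return all(OPS[op](have, parse_version(v))
               for op, v in COND_RE.findall(m["conds"]))


def is_open_ended(pattern):
    """True if the pattern has a lower bound but nothing that caps it,
    so every later release keeps matching after the fix ships."""
    ops = {op for op, _ in COND_RE.findall(pattern)}
    return bool(ops & {">", ">="}) and not (ops & {"<", "<=", "="})


if __name__ == "__main__":
    # Constructed inputs: the first pattern is the one portaudit printed,
    # the second combines both bounds quoted in the report.
    for pat in ("krb5>=1.7", "krb5>=1.7<1.8.2"):
        print(pat, "matches krb5-1.8.3:", matches(pat, "krb5-1.8.3"),
              "| open-ended:", is_open_ended(pat))
```

A check like `is_open_ended` can be run over vulnerability entries before they are published, so that a missing upper bound is caught before it reaches users as a false positive.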