similar to: What happened with portaudit?

Hello! Yesterday portaudit notified me about squid's vulnerability, but today it didn't (despite I haven't upgraded squid). This has attracted my attention, so I've compared yesterday's and today's auditfile.tbz: -r--r--r-- 1 root wheel 29875 Sep 6 15:40 auditfile.tbz vs. -r--r--r-- 1 root wheel 5685 Sep 7 10:11 auditfile.tbz I don't see commits to

December 18, 2007 Dear Madam, dear Sir, the portaudit database is very small: >portaudit -F auditfile.tbz 100% of 5688 B 9737 Bps New database installed. > In addition, portaudit does not complain about what it did complain a few days ago. It seems to me that the database is truncated. By the way: How do I post to a mailing list without being later spammed by the

Hello, The current png-1.2.5_4 port has no more vulnerability. It has been corrected by ache@FreeBSD.org yesterday. But when i try to install the updated port to remplace the vulnerable one this is what i am told : # make install ===> png-1.2.5_4 has known vulnerabilities: >> libpng denial-of-service. Reference:

Hello! Port security/portaudit reports the following problem: Affected package: FreeBSD-491000 Type of problem: multiple vulnerabilities in the cvs server code. Reference: <http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.htm l> Note: To disable this check add the uuid to `portaudit_fixed' in /usr/local/etc/portaudit.conf I have 2 related questions: 1)

Any reason why portaudit and its associated infrastructure was not announced to this list or security-notifications? I recently discovered it, and discovered the feature was added to bsd.port.mk in the beginning of feburary. Seeing as the security officer apparently (without announcement) no longer issues security notices (SNs) for ports, I am assuming that portaudit has replaced SNs entirely,

Old Synopsis: portaudit doesn't report about all security bugs New Synopsis: security/portaudit doesn't report about all security bugs Responsible-Changed-From-To: freebsd-ports-bugs->freebsd-security Responsible-Changed-By: linimon Responsible-Changed-When: Fri Jul 29 21:37:38 GMT 2005 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=84312

Hello, The mysql40-client port currently reports a security problem when I try to install it: neely:/usr/ports/databases/mysql40-client$ make ===> mysql-client-4.0.18_1 has known vulnerabilities: >> MySQL insecure temporary file creation (mysqlbug). Reference: <http://people.freebsd.org/~eik/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html> >> Please update your ports

Hi all, I use FreeBSD for severals years and this Project now have a possibility the full security update (src) with freebsd-update, is really great for Release users but is break for Stable user. Ok !!! Exist a possibility for apply manual patch and compile issue, but for me problem existe in fix kernel issue in stable branch because is require a update for last stable and this

Hello, I saw in the Porters Handbook this OSVERSION macro: 6.0-STABLE after incorporating scripts from the local_startup directories into the base rcorder(8) <http://www.FreeBSD.org/cgi/man.cgi?query=rcorder&sektion=8>. 600101 I think that change has been merged to the RELENG_5 branch but I1m not sure. If so, could somebody tell me what is the corresponding OSVERSION for RELENG_5?

Jacques A. Vidrine wrote: > On Mon, Mar 29, 2004 at 08:14:29PM +0200, Oliver Eikemeier wrote: > >>Jacques A. Vidrine wrote: >> >>>On Sun, Mar 28, 2004 at 03:44:06PM -0800, Oliver Eikemeier wrote: >>> >>>>eik 2004/03/28 15:44:06 PST >>>> >>>>FreeBSD ports repository >>>> >>>>Modified files:

Dear porters and port users, I've added a new port security/portaudit-db that complements security/portaudit for users that have a current ports tree and want to generate the portaudit database themselves, possibly distributing it over their local network. This will save you the traffic downloading information that is already on your local machine and avoid the lag that is currently

Dear members, It may sound a silly question. I have curl installed: # pkg_info |grep curl curl-7.24.0_3 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) Today portsnap updated the ftp/curl port, and patch-CVE-2013-2174 appeared in files/, but the port version remained such that portaudit, and portupgrade still complain about curl's version. What is the recommended way to

Hi! cc'd to freebsd-security@ as somebody there may correct me, cc'd to secteam@ as maintaner of security/portaudit. On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote: > I've just updated my acroread port to 7.0.1 & was surprised when portaudit > still listed it as a vulnerability. I think it is portaudit problem. > According to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:21.openssl Security Advisory The FreeBSD Project Topic: Potential SSL 2.0 rollback Category: contrib Module: openssl Announced: 2005-10-11

I think, there is a neat exploit in the phpbb2.0.8 because I found my home page defaced one dark morning. The patch for phpBB is here. http://www.phpbb.com/downloads.php The excerpt of the log is attached. I believe the link to the described exploit is here. http://secunia.com/advisories/13239 The defacement braggen page is here filter to show the exploited FreeBSD machines that aneurysm.inc

Hi, I am running an environment with 15 FreeBSD servers on which I want to maintain ports, rc.conf settings, and assorted configuration in /usr/local/etc/. Looked around the existing Puppet docs, I got a puppetmaster and a test client to work and install a package as specified in the site manifest. This is very basic but awesome! I want to create a puppet FreeBSD HowTo that addresses a

I am doing unit-tests for Maruku and every once in a while I run into some doubts. I am posting a lot to the list, but all of these messages should be in-topic (tell me if not). Consider the input: --- `There is a literal backtick (\`) here.` `There is a literal backtick (\\`) here.` ``There is a literal backtick (`) here.`` --- The documentation says that line 2 and 3 are equivalent.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, are there any plans to allow FreeBSD jails to bind to more than one IP address? My scenario (virtual hosting) : 3 front-end hosts with 2 interfaces each, one on the public network, the other on a private subnet. 1 back-end host, providing NFS mounts for the front-ends. This scenarion is not uncommon in ISP environments, usually with a big

I noticed that there were quite a few files with version ids of '$FreeBSD$' when I ran mergemaster after an install of 4.8R. This isn't right is it? What are the consequences of installing over your files with unexpanded version ids? I would like to build a release(make release) and want to know if I can continue or if this is going to be a problem for future

many, MANY apologies up front if i have sent this to the wrong place! I am inherently a software engineer who now gets to monitor a mail server (don't ask). anyway i get an email message that alerts me from a user that we have been hacked by a spammer and the mail message header is: ------------- Forwarded message follows ------------- X-Auth-No: Return-Path: