similar to: Problem with portaudit's database

Hello, One of my machines I got a report about 3 vulnerable packages (php4, ruby, openssl) in tomorrows security run output, but in today's security run output all of them disappeared, but nobody upgraded or removed the affected packages. I reinstalled portaudit, refreshd its database, but now it reports 0 affected pakages. The pkg_info command lists that three packages, so they are

December 18, 2007 Dear Madam, dear Sir, the portaudit database is very small: >portaudit -F auditfile.tbz 100% of 5688 B 9737 Bps New database installed. > In addition, portaudit does not complain about what it did complain a few days ago. It seems to me that the database is truncated. By the way: How do I post to a mailing list without being later spammed by the

Hello, The current png-1.2.5_4 port has no more vulnerability. It has been corrected by ache@FreeBSD.org yesterday. But when i try to install the updated port to remplace the vulnerable one this is what i am told : # make install ===> png-1.2.5_4 has known vulnerabilities: >> libpng denial-of-service. Reference:

Hello! Port security/portaudit reports the following problem: Affected package: FreeBSD-491000 Type of problem: multiple vulnerabilities in the cvs server code. Reference: <http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.htm l> Note: To disable this check add the uuid to `portaudit_fixed' in /usr/local/etc/portaudit.conf I have 2 related questions: 1)

Any reason why portaudit and its associated infrastructure was not announced to this list or security-notifications? I recently discovered it, and discovered the feature was added to bsd.port.mk in the beginning of feburary. Seeing as the security officer apparently (without announcement) no longer issues security notices (SNs) for ports, I am assuming that portaudit has replaced SNs entirely,

Why wasn't there a FreeBSD security alert for Kerberos 5? Does FreeBSD use the MIT implementation? I got an email from CERT about this. See the attached message below. -- Daniel Rudy >From - Sat Sep 04 03:22:15 2004 X-UIDL: a8f31551eb03ca144862bddc8ccce266 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Apparently-To: dcrudy@pacbell.net via 206.190.37.79; Fri, 03 Sep 2004

Old Synopsis: portaudit doesn't report about all security bugs New Synopsis: security/portaudit doesn't report about all security bugs Responsible-Changed-From-To: freebsd-ports-bugs->freebsd-security Responsible-Changed-By: linimon Responsible-Changed-When: Fri Jul 29 21:37:38 GMT 2005 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=84312

Hello, The mysql40-client port currently reports a security problem when I try to install it: neely:/usr/ports/databases/mysql40-client$ make ===> mysql-client-4.0.18_1 has known vulnerabilities: >> MySQL insecure temporary file creation (mysqlbug). Reference: <http://people.freebsd.org/~eik/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html> >> Please update your ports

Hi all, I use FreeBSD for severals years and this Project now have a possibility the full security update (src) with freebsd-update, is really great for Release users but is break for Stable user. Ok !!! Exist a possibility for apply manual patch and compile issue, but for me problem existe in fix kernel issue in stable branch because is require a update for last stable and this

Hi all, I''m trying to setup a puppet installation on FreeBSD. So far I have only one puppetmaster and one puppetclient, both with 0.24.4 from FreeBSD ports. On the master I''ve defined a couple of classes including this: class apache22 { package { apache22: ensure => installed, source => "http://x.x.x.x/packages/apache-2.2.9_5.tbz", provider =>

Jacques A. Vidrine wrote: > On Mon, Mar 29, 2004 at 08:14:29PM +0200, Oliver Eikemeier wrote: > >>Jacques A. Vidrine wrote: >> >>>On Sun, Mar 28, 2004 at 03:44:06PM -0800, Oliver Eikemeier wrote: >>> >>>>eik 2004/03/28 15:44:06 PST >>>> >>>>FreeBSD ports repository >>>> >>>>Modified files:

Dear porters and port users, I've added a new port security/portaudit-db that complements security/portaudit for users that have a current ports tree and want to generate the portaudit database themselves, possibly distributing it over their local network. This will save you the traffic downloading information that is already on your local machine and avoid the lag that is currently

Hi, all, I just wanted to report that. I do not yet have a patch to suggest. nanobsd.sh cust_pkg() still tries to call pkg_add and fails when adding packages to the NANO_WORLD_DIR. tbz vs. txz ? Kind regards Patrick -- punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe Tel. 0721 9109 0 * Fax 0721 9109 100 info at punkt.de http://www.punkt.de Gf: J?rgen Egeling AG Mannheim 108285

Dear members, It may sound a silly question. I have curl installed: # pkg_info |grep curl curl-7.24.0_3 Non-interactive tool to get files from FTP, GOPHER, HTTP(S) Today portsnap updated the ftp/curl port, and patch-CVE-2013-2174 appeared in files/, but the port version remained such that portaudit, and portupgrade still complain about curl's version. What is the recommended way to

Hi! cc'd to freebsd-security@ as somebody there may correct me, cc'd to secteam@ as maintaner of security/portaudit. On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote: > I've just updated my acroread port to 7.0.1 & was surprised when portaudit > still listed it as a vulnerability. I think it is portaudit problem. > According to

I am attempting to rsync data from a rsync server and set the permissions to a different gid on the client: my servers name is "rserver01" my clients name is "rclient01" here is the rysync.conf contained on rserver01: # log file log file = /var/adm/rsync_log # global options for all modules dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz uid = nobody

Hello, If anyone would like it I have provided a Dovecot 1.0 test61 port and package for FreeBSD 5.3 here. I made them for my own experimentation but thought they might be interesting to others I suppose. http://www.helenmarks.co.uk/~dom/dovecot/ These deviate from the stock test61 because I've updated and added a patch I wrote a long time ago for ioloop kqueue/kevent support in

Here's the problem. We perform full tar backups of our CentOS 4/5 machines in real-time at regular intervals. And when a disaster happens, we are able to restore those backups onto virgin filesystems, make the /dev/null, /dev/zero and /dev/console devices .. and boot the machine. This has worked well on standalone systems, and also on Xen 3.0.3 guests on CentOS 4.4 machines, where each guest

Hi Team, Please let me know the severity of CVE-2017-2619 and CVE-2017-7494. Arjit Kumar

Hi there list :) I use backuppc to take backup of a bunch of hosts, but I ran into problems with the last one I set up, I can't find anything that is different on this one...but it won't work... So any hints would be greatly appreciated, here are the files ryncd.conf: log file=/var/log/rsyncd pid file=/var/run/rsyncd.pid [all] comment = All disk path = / use