Displaying 20 results from an estimated 10000 matches similar to: "ports/84312: security/portaudit doesn't report about all security bugs"
2004 Mar 16
3
portaudit
Any reason why portaudit and its associated infrastructure was not announced to
this list or security-notifications? I recently discovered it, and discovered
the feature was added to bsd.port.mk in the beginning of feburary. Seeing as
the security officer apparently (without announcement) no longer issues
security notices (SNs) for ports, I am assuming that portaudit has replaced
SNs entirely,
2007 Dec 18
1
Portaudit database truncated?
December 18, 2007
Dear Madam, dear Sir,
the portaudit database is very small:
>portaudit -F
auditfile.tbz 100% of 5688 B 9737 Bps
New database installed.
>
In addition, portaudit does not complain about what it did
complain a few days ago. It seems to me that the database
is truncated.
By the way: How do I post to a mailing list without being
later spammed by the
2006 Jul 28
2
Ruby vulnerability?
Hi,
FYI, Red Hat released an advisory today about a vulnerability in Ruby. So
far it doesn't appear in the VuXML, but am I correct in presuming it will
soon?
https://rhn.redhat.com/errata/RHSA-2006-0604.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694
cheers,
-- Joel Hatton --
Infrastructure Manager | Hotline: +61 7 3365 4417
AusCERT - Australia's national
2004 Mar 29
1
cvs commit: ports/multimedia/xine Makefile
Jacques A. Vidrine wrote:
> On Mon, Mar 29, 2004 at 08:14:29PM +0200, Oliver Eikemeier wrote:
>
>>Jacques A. Vidrine wrote:
>>
>>>On Sun, Mar 28, 2004 at 03:44:06PM -0800, Oliver Eikemeier wrote:
>>>
>>>>eik 2004/03/28 15:44:06 PST
>>>>
>>>>FreeBSD ports repository
>>>>
>>>>Modified files:
2005 Aug 28
1
Arcoread7 secutiry vulnerability
Hi!
cc'd to freebsd-security@ as somebody there may correct me,
cc'd to secteam@ as maintaner of security/portaudit.
On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote:
> I've just updated my acroread port to 7.0.1 & was surprised when portaudit
> still listed it as a vulnerability.
I think it is portaudit problem.
> According to
2004 May 03
1
Bad VuXML check on PNG port ?
Hello,
The current png-1.2.5_4 port has no more vulnerability.
It has been corrected by ache@FreeBSD.org yesterday.
But when i try to install the updated port to remplace
the vulnerable one this is what i am told :
# make install
===> png-1.2.5_4 has known vulnerabilities:
>> libpng denial-of-service.
Reference:
2004 Jun 13
0
FYI: new port security/portaudit-db
Dear porters and port users,
I've added a new port security/portaudit-db that complements
security/portaudit for users
that have a current ports tree and want to generate the portaudit
database themselves,
possibly distributing it over their local network. This will save you
the traffic downloading
information that is already on your local machine and avoid the lag that
is currently
2006 Sep 13
2
ports / www/linux-seamonkey / flashplugin vulnerability
Hi!
Since linux-flashplugin7 r63 is vulnerable according to
http://vuxml.FreeBSD.org/7c75d48c-429b-11db-afae-000c6ec775d9.html
isn't www/linux-seamonkey vulerable, too (it seems to include 7 r25)?
Bye
Arne
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
2005 Nov 06
2
What happened with portaudit?
Hello,
One of my machines I got a report about 3 vulnerable packages (php4,
ruby, openssl) in tomorrows security run output, but in today's security
run output all of them disappeared, but nobody upgraded or removed the
affected packages. I reinstalled portaudit, refreshd its database, but
now it reports 0 affected pakages. The pkg_info command lists that three
packages, so they are
2005 Sep 07
2
Problem with portaudit's database
Hello!
Yesterday portaudit notified me about squid's vulnerability, but today it
didn't (despite I haven't upgraded squid). This has attracted my attention,
so I've compared yesterday's and today's auditfile.tbz:
-r--r--r-- 1 root wheel 29875 Sep 6 15:40 auditfile.tbz
vs.
-r--r--r-- 1 root wheel 5685 Sep 7 10:11 auditfile.tbz
I don't see commits to
2004 May 16
1
Way to ignore portaudit results?
Hello,
The mysql40-client port currently reports a security
problem when I try to install it:
neely:/usr/ports/databases/mysql40-client$ make
===> mysql-client-4.0.18_1 has known vulnerabilities:
>> MySQL insecure temporary file creation (mysqlbug).
Reference:
<http://people.freebsd.org/~eik/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html>
>> Please update your ports
2004 Sep 13
2
Kerberos 5 Security Alert?
Why wasn't there a FreeBSD security alert for Kerberos 5? Does FreeBSD
use the MIT implementation? I got an email from CERT about this. See
the attached message below.
--
Daniel Rudy
>From - Sat Sep 04 03:22:15 2004
X-UIDL: a8f31551eb03ca144862bddc8ccce266
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Apparently-To: dcrudy@pacbell.net via 206.190.37.79; Fri, 03 Sep 2004
2004 Dec 27
4
Found security expliot in port phpBB 2.0.8 FreeBSD4.10
I think, there is a neat exploit in the phpbb2.0.8 because I found my home
page defaced one dark morning. The patch for phpBB is here.
http://www.phpbb.com/downloads.php
The excerpt of the log is attached.
I believe the link to the described exploit is here.
http://secunia.com/advisories/13239
The defacement braggen page is here filter to show the exploited FreeBSD
machines that aneurysm.inc
2007 Jan 10
1
Recent vulnerabilities in xorg-server
Colin, good day!
Spotted two patches for x11-servers/xorg-server port: see entries for
x11r6.9.0-dbe-render.diff and x11r6.9.0-cidfonts.diff at
http://xorg.freedesktop.org/releases/X11R6.9.0/patches/index.html
Seems like they are not applied to the xorg-server-6.9.0_5. May be
it should be added to the VuXML document?
There is a ports/107733 issue that incorporates these patches. May
be you
2006 Apr 10
1
[RFC] Ideas and Questions in security updates ( portaudit, freebsd-update)
Hi all,
I use FreeBSD for severals years and this Project now have a
possibility the full security update (src) with
freebsd-update, is really great for Release users but is break for Stable
user.
Ok !!! Exist a possibility for apply manual patch and compile issue,
but for me problem existe in fix kernel issue in stable branch because is
require a update for last stable and this
2004 Oct 26
5
please test: Secure ports tree updating
CVSup is slow, insecure, and a memory hog. However, until now
it's been the only option for keeping an up-to-date ports tree,
and (thanks to all of the recent work on vuxml and portaudit)
it has become quite obvious that keeping an up-to-date ports
tree is very important.
To provide a secure, lightweight, and fast alternative to CVSup,
I've written portsnap. As the name suggests, this
2004 Sep 14
1
multiple vulnerabilities in the cvs server code
Hello!
Port security/portaudit reports the following problem:
Affected package: FreeBSD-491000
Type of problem: multiple vulnerabilities in the cvs server code.
Reference:
<http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.htm
l>
Note: To disable this check add the uuid to `portaudit_fixed' in
/usr/local/etc/portaudit.conf
I have 2 related questions:
1)
2013 Jul 03
1
curl and CVE-2013-2174
Dear members,
It may sound a silly question. I have curl installed:
# pkg_info |grep curl
curl-7.24.0_3 Non-interactive tool to get files from FTP, GOPHER, HTTP(S)
Today portsnap updated the ftp/curl port, and patch-CVE-2013-2174 appeared
in files/, but the port version remained such that portaudit, and
portupgrade still complain about curl's version. What is the recommended
way to
2004 Apr 19
0
VuXML and FreeBSD
Hello All,
I'd like to bring to your attention the Vulnerabilities and eXposures
Markup Language (VuXML) and associated resources.
VuXML is a markup language designed for the documentation of security
issues within a single package collection. Since about February
of this year, we have been diligently documenting vulnerabilities
in FreeBSD and the FreeBSD Ports Collection using VuXML. The
2007 Nov 12
11
Various FreeBSD bits...
I just drudged through a bit of the archives and see a FreeBSD bits
floating in there that are of some value, but aren''t on the wiki. I
posted a few bits on the wiki regarding some FreeBSD cobbling that
I''ve done recently and hope that folk find it of use (and start
posting their useful bits there as well).
http://reductivelabs.com/trac/puppet/wiki/PuppetFreeBSD
The