Displaying 20 results from an estimated 1000 matches similar to: "Bad VuXML check on PNG port ?"
2004 Mar 29
1
cvs commit: ports/multimedia/xine Makefile
Jacques A. Vidrine wrote:
> On Mon, Mar 29, 2004 at 08:14:29PM +0200, Oliver Eikemeier wrote:
>
>>Jacques A. Vidrine wrote:
>>
>>>On Sun, Mar 28, 2004 at 03:44:06PM -0800, Oliver Eikemeier wrote:
>>>
>>>>eik 2004/03/28 15:44:06 PST
>>>>
>>>>FreeBSD ports repository
>>>>
>>>>Modified files:
2004 Mar 16
3
portaudit
Any reason why portaudit and its associated infrastructure was not announced to
this list or security-notifications? I recently discovered it, and discovered
the feature was added to bsd.port.mk in the beginning of feburary. Seeing as
the security officer apparently (without announcement) no longer issues
security notices (SNs) for ports, I am assuming that portaudit has replaced
SNs entirely,
2007 Dec 18
1
Portaudit database truncated?
December 18, 2007
Dear Madam, dear Sir,
the portaudit database is very small:
>portaudit -F
auditfile.tbz 100% of 5688 B 9737 Bps
New database installed.
>
In addition, portaudit does not complain about what it did
complain a few days ago. It seems to me that the database
is truncated.
By the way: How do I post to a mailing list without being
later spammed by the
2005 Nov 06
2
What happened with portaudit?
Hello,
One of my machines I got a report about 3 vulnerable packages (php4,
ruby, openssl) in tomorrows security run output, but in today's security
run output all of them disappeared, but nobody upgraded or removed the
affected packages. I reinstalled portaudit, refreshd its database, but
now it reports 0 affected pakages. The pkg_info command lists that three
packages, so they are
2005 Sep 07
2
Problem with portaudit's database
Hello!
Yesterday portaudit notified me about squid's vulnerability, but today it
didn't (despite I haven't upgraded squid). This has attracted my attention,
so I've compared yesterday's and today's auditfile.tbz:
-r--r--r-- 1 root wheel 29875 Sep 6 15:40 auditfile.tbz
vs.
-r--r--r-- 1 root wheel 5685 Sep 7 10:11 auditfile.tbz
I don't see commits to
2004 Feb 18
1
[Fwd: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability]
Attached is a security alert from Gentoo pertaining to clam antivirus.
It seems that as of this morning, FreeBSD's ports still contain the
affected version.
Thank in advance,
Tom Veldhouse
-------------- next part --------------
An embedded message was scrubbed...
From: Tim Yamin <plasmaroo@gentoo.org>
Subject: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability
Date:
2004 Sep 14
1
multiple vulnerabilities in the cvs server code
Hello!
Port security/portaudit reports the following problem:
Affected package: FreeBSD-491000
Type of problem: multiple vulnerabilities in the cvs server code.
Reference:
<http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.htm
l>
Note: To disable this check add the uuid to `portaudit_fixed' in
/usr/local/etc/portaudit.conf
I have 2 related questions:
1)
2005 Aug 28
1
Arcoread7 secutiry vulnerability
Hi!
cc'd to freebsd-security@ as somebody there may correct me,
cc'd to secteam@ as maintaner of security/portaudit.
On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote:
> I've just updated my acroread port to 7.0.1 & was surprised when portaudit
> still listed it as a vulnerability.
I think it is portaudit problem.
> According to
2004 May 02
1
What's our current policy on ports FORBIDDEN knob?
Greetings,
I'm a little curious about the way FORBIDDEN knob is used in ports system.
Traditionally, we use it to mark a port which have known security issue,
with the new vuxml mechanism, are we still doing the same thing when
necessary? Or, only the "critical" ones, for example, remote exploitable
buffer overruns, etc?
If the second assumption (only critical ones are marked
2004 Sep 13
2
Kerberos 5 Security Alert?
Why wasn't there a FreeBSD security alert for Kerberos 5? Does FreeBSD
use the MIT implementation? I got an email from CERT about this. See
the attached message below.
--
Daniel Rudy
>From - Sat Sep 04 03:22:15 2004
X-UIDL: a8f31551eb03ca144862bddc8ccce266
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Apparently-To: dcrudy@pacbell.net via 206.190.37.79; Fri, 03 Sep 2004
2004 Dec 27
4
Found security expliot in port phpBB 2.0.8 FreeBSD4.10
I think, there is a neat exploit in the phpbb2.0.8 because I found my home
page defaced one dark morning. The patch for phpBB is here.
http://www.phpbb.com/downloads.php
The excerpt of the log is attached.
I believe the link to the described exploit is here.
http://secunia.com/advisories/13239
The defacement braggen page is here filter to show the exploited FreeBSD
machines that aneurysm.inc
2004 Apr 19
0
VuXML and FreeBSD
Hello All,
I'd like to bring to your attention the Vulnerabilities and eXposures
Markup Language (VuXML) and associated resources.
VuXML is a markup language designed for the documentation of security
issues within a single package collection. Since about February
of this year, we have been diligently documenting vulnerabilities
in FreeBSD and the FreeBSD Ports Collection using VuXML. The
2006 Jul 28
2
Ruby vulnerability?
Hi,
FYI, Red Hat released an advisory today about a vulnerability in Ruby. So
far it doesn't appear in the VuXML, but am I correct in presuming it will
soon?
https://rhn.redhat.com/errata/RHSA-2006-0604.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694
cheers,
-- Joel Hatton --
Infrastructure Manager | Hotline: +61 7 3365 4417
AusCERT - Australia's national
2004 Feb 13
2
XFree86 Font Information File Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Has anyone see this alert?
http://www.securityfocus.com/archive/1/353352
It seems to work on Linux, but when I tried the proof of concept on
4.3.0,1 running 5.2 RELEASE, I couldn't get the X server to core dump
or segmentation fault. So, it seems likely to me that FreeBSD is not
vulnerable to this. Any other thoughts on this matter?
John
2005 Aug 18
4
New FreeBSD Security Officer
Hello Everyone!
It has been my pleasure and privilege to serve as the FreeBSD
Security Officer for the past 3+ years. With the crucial support of
the FreeBSD Security Team members, a lot has been accomplished:
hundreds of security issues have been researched and tracked, with
some resulting in security advisories and patches; software in the
Ports Collection are updated more quickly
2004 Feb 26
3
Environment Poisoning and login -p
There's been an ongoing discussion (started by
Colin Percival's recent work on nologin) about
environment-poisoning attacks via "login -p".
I thought I saw a way to address this, but the more I learn,
the uglier this looks. Maybe some of the good folks who read
freebsd-security can puzzle this one out:
Problem: login -p can be used to propagate environment flags
in order to
2004 Aug 17
1
remotely exploitable vulnerability in lukemftpd / tnftpd
Hi Everyone,
http://vuxml.freebsd.org/c4b025bb-f05d-11d8-9837-000c41e2cdad.html
A critical vulnerability was found in lukemftpd, which shipped with some
FreeBSD versions (4.7 and later). However, with the exception of
FreeBSD 4.7, lukemftpd was not built and installed by default. So,
unless you are running FreeBSD 4.7-RELEASE or specified WANT_LUKEMFTP
when building FreeBSD from source, you
2005 Jul 30
1
ports/84312: security/portaudit doesn't report about all security bugs
Old Synopsis: portaudit doesn't report about all security bugs
New Synopsis: security/portaudit doesn't report about all security bugs
Responsible-Changed-From-To: freebsd-ports-bugs->freebsd-security
Responsible-Changed-By: linimon
Responsible-Changed-When: Fri Jul 29 21:37:38 GMT 2005
Responsible-Changed-Why:
Over to maintainer(s).
http://www.freebsd.org/cgi/query-pr.cgi?pr=84312
2003 Sep 16
9
OpenSSH heads-up
OK, an official OpenSSH advisory was released, see here:
<URL: http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html >
The fix is currently in FreeBSD -CURRENT and -STABLE. It will be
applied to the security branches as well today. Attached are patches:
buffer46.patch -- For FreeBSD 4.6-RELEASE and later
buffer45.patch -- For FreeBSD 4.5-RELEASE and
2003 Sep 23
3
OpenSSH: multiple vulnerabilities in the new PAM code
This affects only 3.7p1 and 3.7.1p1. The advice to leave
PAM disabled is far from heartening, nor is the semi-lame
blaming the PAM spec for implementation bugs.
I happen to like OPIE for remote access.
Subject: Portable OpenSSH Security Advisory: sshpam.adv
This document can be found at: http://www.openssh.com/txt/sshpam.adv
1. Versions affected:
Portable OpenSSH versions 3.7p1