Date:      Sun, 30 Oct 2005 23:48:06 -0800
From:      "Michael C. Shultz" <ringworm01@gmail.com>
To:        Daniel Pittman <daniel@rimspace.net>, freebsd-questions@freebsd.org
Subject:   Re: portaudit reports: how to exclude a specific vulnerability
Message-ID:  <200510302348.07655.ringworm01@gmail.com>
In-Reply-To: <87oe56rxpi.fsf@rimspace.net>
References:  <87oe56rxpi.fsf@rimspace.net>

On Sunday 30 October 2005 22:45, you wrote:
> G'day.  I am relatively new to FreeBSD, but failed to find an answer to
> this question in the handbook, manual pages, or other references about
> portaudit:
>
> At the moment, portaudit is reporting one vulnerability on my system,
> with the 'p5-Crypt-OpenPGP' package.
>
> There isn't, apparently, a release of this package available that
> resolves the issue.
>
> I have checked the advisory and I am quite happy that the specific
> problem is not going to hurt here, so I don't mind that the
> theoretically vulnerable version is installed.[1]
>
> I can't work out how to tell portaudit to stop bothering me about this
> particular vulnerability, though.
>
> Can I ask it to exclude a vulnerability, or (even better) a
> vulnerability/package combination, from reports?
>
I think this will do it; put it in /etc/make.conf:

.if ${.CURDIR:M*/security/p5-Crypt-OpenPGP}
DISABLE_VULNERABILITIES="YES"
.endif

-Mike

>
> I specifically /don't/ want to exclude the package from auditing,
> though, since I want to know if another security issue turns up for it.
>
> Thanks,
>        Daniel
>
> Footnotes:
> [1]  The specific issue is a cryptographic weakness that needs a
>      specific and particularly unlikely bit of code written by us before
>      it actually does anything.  Not, as they say, going to happen.
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
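
The per-advisory exclusion asked about in the question can also be done as a filter over the audit report; the following is an added example, not code from either poster or from portaudit. It assumes a report made of blank-line-separated stanzas with "Affected package:", "Type of problem:" and "Reference:" lines; the function names, the advisory ids and every sample value are constructed.

```shell
# Added example, not from the thread. Assumed report layout: stanzas separated
# by blank lines, each with "Affected package:", "Type of problem:" and
# "Reference:" lines. All sample values below are constructed.
ACCEPTED_PKG="p5-Crypt-OpenPGP"
ACCEPTED_REF="ACCEPTED-0001"      # placeholder id of the advisory already reviewed

# Constructed report: two advisories for the same package plus one other.
sample_report() {
    cat <<'EOF'
Affected package: p5-Crypt-OpenPGP-0.0.0
Type of problem: p5-Crypt-OpenPGP -- constructed accepted issue.
Reference: <https://example.invalid/advisory/ACCEPTED-0001>

Affected package: p5-Crypt-OpenPGP-0.0.0
Type of problem: p5-Crypt-OpenPGP -- constructed later issue.
Reference: <https://example.invalid/advisory/NEW-0002>

Affected package: otherpkg-0.0.0
Type of problem: otherpkg -- constructed issue.
Reference: <https://example.invalid/advisory/OTHER-0003>

3 problem(s) in your installed packages found.
EOF
}

# filter_report PKG REF: print every advisory stanza from stdin except the one
# whose package starts with "PKG-" AND whose Reference line contains REF.
filter_report() {
    awk -v pkg="$1" -v ref="$2" '
    BEGIN { RS = ""; ORS = "\n\n" }
    !/Affected package: / { next }          # drop the now-stale summary line
    {
        is_pkg = 0; is_ref = 0
        n = split($0, line, "\n")
        for (i = 1; i <= n; i++) {
            if (index(line[i], "Affected package: " pkg "-") == 1) is_pkg = 1
            if (index(line[i], "Reference: ") == 1 && index(line[i], ref)) is_ref = 1
        }
        if (!(is_pkg && is_ref)) print      # a new advisory for PKG still shows
    }'
}

# remaining_count PKG REF: number of advisories still needing attention.
remaining_count() {
    filter_report "$1" "$2" | grep -c '^Affected package: '
}

sample_report | filter_report "$ACCEPTED_PKG" "$ACCEPTED_REF"
```

Because the match requires both the package name and the advisory reference, the second constructed advisory for the same package is still reported.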


