Date: Sun, 20 Feb 2011 13:01:26 +0100
From: Matthias Andree <mandree@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: remko@FreeBSD.org, secteam@FreeBSD.org, simon@FreeBSD.org
Subject: ports/154911: bogus linux-jdk entry in vuln.xml?
Message-ID: <E1Pr7yg-0009dk-Rn@apollo.emma.line.org>
Resent-Message-ID: <201102201550.p1KFo9rM000676@freefall.freebsd.org>

>Number: 154911
>Category: ports
>Synopsis: bogus linux-jdk entry in vuln.xml?
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 20 15:50:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Matthias Andree
>Release: FreeBSD 8.2-PRERELEASE amd64
>Organization: FreeBSD
>Environment:
System: FreeBSD apollo.emma.line.org 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #61: Tue Feb 15 23:03:47 CET 2011 root@apollo.emma.line.org:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
Greetings,

vuln.xml as of revision 1.633 (Sat Apr 16 22:35:09 2005 UTC) committed by remko and approved by simon, contains these lines in the vid="18e5428f-ae7c-11d9-837d-000e0c2e438a" section - sorry rewriting to pseudo-lisp syntax to avoid send-pr comment stripping:

(vuln vid="..." (topic)(affects (package (name linux-jdk)(range >= 0))))

Apparently this blocks linux-sun-jdk-1.6.0.24 upgrades in ports.

Could someone check this entry for me so that we can upgrade linux-sun-jdk without forcing DISABLE_VULNERABILITIES?

Thanks.

I also wonder what the general policy WRT PKGNAMEPREFIX vs. PORTNAME is for the vulnerability checking.

Error received from how-to-repeat section (apparently bogus):

===> linux-sun-jdk-1.6.0.24 has known vulnerabilities:
=> jdk -- jar directory traversal vulnerability.
   Reference: http://portaudit.FreeBSD.org/18e5428f-ae7c-11d9-837d-000e0c2e438a.html
>How-To-Repeat:
cd /usr/ports/java/linux-sun-jdk16 && make
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
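
An added example, not part of the original report or of FreeBSD's own tooling: a small lint that flags VuXML package ranges with no upper bound, the `range >= 0` shape quoted in the report, because such a range matches every later version of the named package. The XML below is constructed from the pseudo-lisp rendering in the report (namespace and other fields omitted), and the second entry with its vid, name and versions is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the reported entry re-expressed in VuXML element form,
# followed by a hypothetical bounded entry for contrast (not a real advisory).
SAMPLE = """<vuxml>
  <vuln vid="18e5428f-ae7c-11d9-837d-000e0c2e438a">
    <topic>jdk -- jar directory traversal vulnerability</topic>
    <affects><package>
      <name>linux-jdk</name>
      <range><ge>0</ge></range>
    </package></affects>
  </vuln>
  <vuln vid="00000000-0000-0000-0000-000000000000">
    <topic>example -- bounded entry</topic>
    <affects><package>
      <name>example-pkg</name>
      <range><ge>1.0</ge><lt>1.2</lt></range>
    </package></affects>
  </vuln>
</vuxml>"""

UPPER_OR_EXACT = {"lt", "le", "eq"}  # tags that cap or pin a range


def open_ended_ranges(xml_text):
    """Return (vid, package name, lower bound) for every range lacking lt/le/eq."""
    findings = []
    for vuln in ET.fromstring(xml_text).iter("vuln"):
        for pkg in vuln.iter("package"):
            names = [n.text.strip() for n in pkg.findall("name")]
            for rng in pkg.findall("range"):
                tags = {child.tag for child in rng}
                if tags & UPPER_OR_EXACT:
                    continue  # bounded above: a fixed release can clear it
                lower = next(
                    (c.text.strip() for c in rng if c.tag in ("ge", "gt")), None
                )
                findings.extend((vuln.get("vid"), name, lower) for name in names)
    return findings


if __name__ == "__main__":
    for vid, name, lower in open_ended_ranges(SAMPLE):
        print(f"{vid}: {name} has no upper bound (lower bound {lower})")
```

Entries this reports are the ones to review when a newer release of a package is still marked vulnerable, since no version bump alone can clear them.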