Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 20 Feb 2011 13:01:26 +0100
From:      Matthias Andree <mandree@FreeBSD.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        remko@FreeBSD.org, secteam@FreeBSD.org, simon@FreeBSD.org
Subject:   ports/154911: bogus linux-jdk entry in vuln.xml? 
Message-ID:  <E1Pr7yg-0009dk-Rn@apollo.emma.line.org>
Resent-Message-ID: <201102201550.p1KFo9rM000676@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         154911
>Category:       ports
>Synopsis:       bogus linux-jdk entry in vuln.xml?
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 20 15:50:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 8.2-PRERELEASE amd64
>Organization:
FreeBSD 
>Environment:
System: FreeBSD apollo.emma.line.org 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #61: Tue
Feb 15 23:03:47 CET 2011 root@apollo.emma.line.org:/usr/obj/usr/src/sys/GENERIC
amd64


        
>Description:
Greetings,

vuln.xml as of revision 1.633 (Sat Apr 16 22:35:09 2005 UTC) committed by
remko and approved by simon, contains these lines in the
vid="18e5428f-ae7c-11d9-837d-000e0c2e438a" section - sorry rewriting to
pseudo-lisp syntax to avoid send-pr comment stripping:

(vuln vid="..." (topic)(affects (package (name linux-jdk)(range >= 0))))

Apparently this blocks linux-sun-jdk-1.6.0.24 upgrades in ports.

Could someone check this entry for me so that we can upgrade linux-sun-jdk
without forcing DISABLE_VULNERABILITIES?

Thanks.


I also wonder what the general policy WRT PKGNAMEPREFIX vs. PORTNAME is
for the vulnerability checking.



Error received from how-to-repeat section (apparently bogus):
===>  linux-sun-jdk-1.6.0.24 has known vulnerabilities:
=> jdk -- jar directory traversal vulnerability.
   Reference: http://portaudit.FreeBSD.org/18e5428f-ae7c-11d9-837d-000e0c2e438a.html

>How-To-Repeat:
cd /usr/ports/java/linux-sun-jdk16 && make
        
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1Pr7yg-0009dk-Rn>