Date: Thu, 24 Jul 2008 03:07:45 +0200 From: Kris Kennaway <kris@FreeBSD.org> To: twhoffma@student.matnat.uio.no Cc: freebsd-questions@freebsd.org Subject: Re: Installing jdk on 7-Release: Has known vulnerabilities from 2005? Message-ID: <4887D5E1.9080903@FreeBSD.org> In-Reply-To: <49448.80.202.85.78.1216861022.squirrel@webmail.uio.no> References: <48764.80.202.85.78.1216849881.squirrel@webmail.uio.no> <4887AFD4.9000106@FreeBSD.org> <49448.80.202.85.78.1216861022.squirrel@webmail.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Torgeir Hoffmann wrote: > Hi again! > >>> when I try to install linux-sun-jdk16 from ports I get: >>> >>> ===> linux-sun-jdk-1.6.0.07 has known vulnerabilities: >>> => jdk -- jar directory traversal vulnerability. >>> Reference: >>> <http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html>; >>> => Please update your ports tree and try again. >>> *** Error code 1 >>> >>> This refers to a vulnerability from 2005 (!). I get the same thing with >>> the 1.5 port. >>> I desperately want to avoid building the native version due to the fact >>> that I have a not that sporty laptop, and the packages from the freebsd >>> foundation is not available yet. >>> >>> I have the latest portsnap port snapshot. >> Update your portaudit database. > > I did that. > > portaudit -Fda > > Still, same thing. Thought this was very strange as well. > > Anything else that I should have done? (It's probably right in front of me!) Talk to the port maintainer if you think the vulnerability no longer exists, or build with DISABLE_VULNERABILITIES if you choose to override the warning. Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4887D5E1.9080903>