Date: Wed, 3 Jan 2007 19:45:40 +0100 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Simon Barner <barner@FreeBSD.org> Cc: ports@freebsd.org, secteam@freebsd.org Subject: Re: portaudit "forgot" 2006 vulnerabilities Message-ID: <20070103184540.GB999@zaphod.nitro.dk> In-Reply-To: <20070103183258.GA67537@dose.local.invalid> References: <20070103142305.GA84623@outcold.yadt.co.uk> <20070103183258.GA67537@dose.local.invalid>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2007.01.03 19:32:58 +0100, Simon Barner wrote: > David Taylor wrote: > > Whilst catching up with the daily run and security run e-mails > > >from the past few days, I noticed the portaudit database was restarted > > at the beginning of the year. Is this the expected behaviour? > > > > Now I still have vulnerable ports (with problems from last year which, > > until Monday, were faithfully reported to me every week), but get the > > message: > > > > # portaudit -Fa > > auditfile.tbz 100% of 5693 B 27 kBps > > New database installed. > > 0 problem(s) in your installed packages found. > > Same here... There is a bug in the portaudit database generator so when the VuXML document is broken so it's not valid XML the portaudit database generator just stops and produces an incomplete database file instead of not updating the database... This should of course be fixed so it's not a problem, but there are only so many hours in a day. I fixed the VuXML file about an hour ago so database should be OK now (of course you have to download a new one with -F if testing). BTW. if people see this thing please poke secteam@ like barner@ did, since I will see the problem much faster than mails to ports@. -- Simon L. Nielsen FreeBSD Security Team
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070103184540.GB999>