Date: Sat, 11 Dec 2004 02:01:47 -0000 From: "Petersen" <petersen@britersen.co.uk> To: "'Thomas S. Crum - AAA Web Solution, Inc.'" <tscrum@aaawebsolution.com> Cc: 'FreeBSD Question' <freebsd-questions@freebsd.org> Subject: RE: portaudit question Message-ID: <200412110201.iBB21kYM024486@britersen.co.uk> In-Reply-To: <005601c4dec3$3db30d30$0200a8c0@wolf>
next in thread | previous in thread | raw e-mail | index | archive | help
Thomas S. Crum wrote:
> Is there something that I am not updating that portaudit
> would like to see
> done or is this just a generic warning. Either way, please provide
> examples of what I might due to have it stop complaining. I
> can find no
> examples googling the portaudit "note" below.
>
> # Here's what I did.
>
<snip>
>
> # Here's what I get.
>
> beta# /usr/local/sbin/portaudit -Fda
> auditfile.tbz 100% of 15 kB 33
> kBps New database installed.
> Database created: Fri Dec 10 08:40:32 EST 2004
> Affected package: FreeBSD-491000
^^^^^^^^^^^^^^
Portaudit is complaining that FreeBSD-491000 itself has a vulnerability.
Specifically within the cvs code as it tells you.
> Type of problem: multiple vulnerabilities in the cvs server code.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b
> 0-000347a4fa 7d.html> Note: To disable this check add the uuid to
> `portaudit_fixed' in /usr/local/etc/portaudit.conf 0 problem(s) in
> your installed packages found.
>
As you can patch the system cvs without bumping the kernel version
number, portupgrade tells you that you can disable the check for this
uuid in portaudit.conf. This of course assumes you actually have patched
the cvs code in the base system (see the multiple security advisories
issued on the cvs vulnerabilities for details on how to patch them
manually, or upgrade to a more recent version/patchlevel of the 4.x
tree).
Petersen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200412110201.iBB21kYM024486>