Date: Sun, 15 Aug 2010 10:53:54 -0500 From: Peggy Wilkins <enlil65@gmail.com> To: freebsd-ports@freebsd.org Subject: portaudit: problem with logic for security/krb5 Message-ID: <AANLkTikx-2bOfEswwWG2uBYOEWkNZZ=Y-Oo6pGax%2BfTi@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Portaudit is flagging security/krb5 as vulnerable, but as far as I can tell it is incorrect. capricorn:/usr/ports/security/krb5:19% portaudit -vC Affected package: krb5-1.8.3 (matched by krb5>=1.7) Type of problem: krb5 -- KDC double free vulnerability. Reference: <http://portaudit.FreeBSD.org/86b8b655-4d1a-11df-83fb-0015587e2cc1.html> Following the reference URL shows that this vulnerability affects krb5 >=1.7 and krb5 <1.8.2, but the ports tree has 1.8.3 so portaudit should not be showing this port as vulnerable. Is there a bug in portaudit or some other problem? FYI my system is: FreeBSD capricorn.lib.uchicago.edu 8.0-RELEASE-p4 FreeBSD 8.0-RELEASE-p4 #0: Fri Jul 16 11:53:40 CDT 2010 root@capricorn.lib.uchicago.edu:/usr/obj/usr/src/sys/GENERIC amd64 --plw
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTikx-2bOfEswwWG2uBYOEWkNZZ=Y-Oo6pGax%2BfTi>