I have a 4.11-RELEASE system.

Prior to doing some minor portupdates, I had this portaudit report:

Checking for packages with security vulnerabilities:

Affected package: php4-4.4.1_3
Type of problem: php -- open_basedir Race Condition Vulnerability.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>

Affected package: php4-4.4.1_3
Type of problem: php -- multiple vulnerabilities.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/ea09c5df-4362-11db-81e1-000e0c2e438a.html>

Affected package: ruby-1.8.4_3,1
Type of problem: ruby - multiple vulnerabilities.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/76562594-1f19-11db-b7d4-0008743bf21a.html>

Affected package: apache+mod_ssl-1.3.34+2.8.25_2
Type of problem: apache -- mod_rewrite buffer overflow vulnerability.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/dc8c08c7-1e7c-11db-88cf-000c6ec775d9.html>

Affected package: mutt-1.4.2.1_2
Type of problem: mutt -- Remote Buffer Overflow Vulnerability.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/d2a43243-087b-11db-bc36-0008743bf21a.html>

5 problem(s) in your installed packages found.


I cvsup'ped my ports tree and portupgraded ruby, mutt and portaudit, 
but not any of their dependencies (since version number changes were 
minor).

portaudit -aF now thinks:

www : 17:59:17 /root# portaudit -aF
auditfile.tbz                                 100% of   38 kB  138 kBps
New database installed.
Affected package: php4-4.4.1_3
Type of problem: php -- open_basedir Race Condition Vulnerability.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>

Affected package: php4-4.4.1_3
Type of problem: php -- multiple vulnerabilities.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/ea09c5df-4362-11db-81e1-000e0c2e438a.html>

2 problem(s) in your installed packages found.


Why does portaudit think the apache+mod_ssl problem went away?  The 
installed version is still:

apache+mod_ssl-1.3.34+2.8.25_2 The Apache 1.3 webserver with SSL/TLS 
functionality


Thanks!

Jim
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
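
One way to make the comparison in this message repeatable, as an added example that is not part of the original post: it parses two saved portaudit reports and lists findings that disappeared while the exact package version is still installed, so they can be checked against the advisory page named in the Reference line. The function names, file arguments and the `ruby-UPGRADED` placeholder are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Sample reports are constructed from
# the output quoted in the message; "ruby-UPGRADED" is a placeholder version.

# Print "package<TAB>advisory URL" for each finding in a portaudit report on stdin.
# Assumption: the URL is on the "Reference:" line or, as mail-wrapped above, the next.
audit_findings() {
  awk '
    function emit(u) { gsub(/[<>]/, "", u); print pkg "\t" u }
    /^Affected package: / { pkg = $3; next }
    /^Reference:/ { if (NF > 1) { emit($2) } else { want = 1 }; next }
    want && NF { emit($1); want = 0 }'
}

# vanished_unpatched BEFORE AFTER INSTALLED: findings in BEFORE but not AFTER
# whose exact name-version is still in INSTALLED (one package per line).
vanished_unpatched() {
  tmp=$(mktemp -d) || return 1
  audit_findings < "$1" | LC_ALL=C sort -u > "$tmp/before"
  audit_findings < "$2" | LC_ALL=C sort -u > "$tmp/after"
  LC_ALL=C comm -23 "$tmp/before" "$tmp/after" |
    while IFS="$(printf '\t')" read -r pkg ref; do
      if awk -v p="$pkg" '$1 == p { f = 1 } END { exit !f }' "$3"; then
        printf '%s\t%s\n' "$pkg" "$ref"
      fi
    done
  rm -rf "$tmp"
}

demo() {
  d=$(mktemp -d) || return 1
  cat > "$d/before" <<'EOF'
Affected package: php4-4.4.1_3
Type of problem: php -- multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/ea09c5df-4362-11db-81e1-000e0c2e438a.html>
Affected package: ruby-1.8.4_3,1
Type of problem: ruby - multiple vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/76562594-1f19-11db-b7d4-0008743bf21a.html>
Affected package: apache+mod_ssl-1.3.34+2.8.25_2
Type of problem: apache -- mod_rewrite buffer overflow vulnerability.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/dc8c08c7-1e7c-11db-88cf-000c6ec775d9.html>
EOF
  head -n 3 "$d/before" > "$d/after"   # second report: only the php4 finding
  printf '%s\n' php4-4.4.1_3 apache+mod_ssl-1.3.34+2.8.25_2 ruby-UPGRADED > "$d/installed"
  vanished_unpatched "$d/before" "$d/after" "$d/installed"
  rm -rf "$d"
}
demo
```

On this sample only the apache+mod_ssl finding is listed: the ruby finding is dropped because that version is no longer installed, and the php4 finding is still present in the second report.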