Hans van Leeuwen wrote:
"pkg_check is built on top of OpenBSD's ports-system. It checks a given
list of packages for vulnerabilities against the VuXML database. If no
package is given, all installed packages will be checked."
Please test the port and the program.
First, let me tell you that I am _extremely_ happy to see this program...
I might not have to use /usr/ports/infrastructure/build/out-of-date
anymore on my boxes which run -release and -stable, this is great.
So far, it works as expected under current/macppc:
# pkg_check
Fetching http://www.vuxml.org/openbsd/vuln.xml...
100%
|**********************************************************************|
108 KB 00:01
+---------------------------------------------------------------------------+
| mc -- multiple vulnerabilities
|
+---------------------------------------------------------------------------+
| affected mc-4.6.1p0
| discovery: 2005-02-17
| entry: 2005-02-17
| vid 4ccf3184-812c-11d9-b5a5-080020fe8945
| cvename CAN-2004-1004
| cvename CAN-2004-1005
| cvename CAN-2004-1092
| cvename CAN-2004-1176
+---------------------------------------------------------------------------+
| Midnight Commander contains several format string errors, bufferoverflows
| and one buffer underflow leading to execution of arbitrarycode. An
| attacker could exploit these vulnerabilities to execute arbitrarycode
| with the permissions of the user running Midnight Commander orcause
| Denial of Service by freeing unallocated memory.
+---------------------------------------------------------------------------+
Thank you for this port, I hope it'll be included.
Just one question though, who takes care of the VuXML database for
OpenBSD? I mean, can one trust it or is it totally unofficial?
Antoine