Hey, If you have portaudit installed, you should upgrade sooner rather than later!
Begin forwarded message: > From: "Simon L. Nielsen" <si...@freebsd.org> > Subject: cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist > ports/ports-mgmt/portaudit/files portaudit-cmd.sh > Date: 11 March 2012 21:32:58 GMT > To: ports-committ...@freebsd.org, cvs-po...@freebsd.org, cvs-...@freebsd.org > > simon 2012-03-11 21:32:58 UTC > > FreeBSD ports repository > > Modified files: > ports-mgmt/portaudit Makefile pkg-plist > ports-mgmt/portaudit/files portaudit-cmd.sh > Log: > Portaudit 0.6.0: > > Fix remote code execution which can occur with a specially crafted > audit file. The attacker would need to get the portaudit(1) to > download the bad audit database, e.g. by performing a man in the > middle attack. > > Add signature verification of the portaudit database. The public key > is for the database generated for portaudit.FreeBSD.org is included > in the distribution. > > Submitted by: Michael Gmelin <free...@grem.de> > Reported by: Michael Gmelin <free...@grem.de>, Joerg Scheinert > Security: Remote code execution > Security: > http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html > Feature safe: yes > With hat: so -- Simon L. B. Nielsen FreeBSD Deputy Security Officer _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
