ports/146418: port-mgmt/portaudit: vulnerability report disappears without security fix.
Kazuo Dohzono
dohzono at axion-software.com
Sun May 9 00:50:01 UTC 2010
>Number: 146418
>Category: ports
>Synopsis: port-mgmt/portaudit: vulnerability report disappears without security fix.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun May 09 00:50:00 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Kazuo Dohzono
>Release: FreeBSD-8.0 RELEASE
>Organization:
>Environment:
FreeBSD dohzono.vmware.axion-software.com 8.0-STABLE FreeBSD 8.0-STABLE #0: Fri Jan
8 00:58:42 JST 2010
dohzono at dohzono.vmware.axion-software.com:/usr/local/tmp/obj/usr/src/sys/GENERIC
i386
>Description:
Current www/tomcat55 (tomcat-5.5.28-1) must have a vulnerability below:
http://www.freebsd.org/ports/portaudit/3383e706-4fc3-11df-83fb-0015587e2cc1.html
Portaudit reported this information before some fixes below, but I
believe these are not security fix.
http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/tomcat55/Makefile.diff?r1=1.48;r2=1.49;f=h
http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/tomcat55/files/tomcat55.sh.in.diff?r1=1.8;r2=1.9;f=h
>How-To-Repeat:
Install port-mgmt/portaudit and www/tomcat55, and try "portaudit -aF".
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list