ports/186497: Local overrides for pkg audit
Garrett Wollman
wollman at freebsd.org
Wed Feb 5 21:10:00 UTC 2014
>Number: 186497
>Category: ports
>Synopsis: Local overrides for pkg audit
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Feb 05 21:10:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Garrett Wollman
>Release: FreeBSD 9.2-RELEASE-p2 amd64
>Organization:
none
>Environment:
System: FreeBSD hergotha.csail.mit.edu 9.2-RELEASE-p2 FreeBSD 9.2-RELEASE-p2 #12 r259226: Wed Dec 11 16:42:55 EST 2013 wollman at hergotha.csail.mit.edu:/usr/obj/usr/src/sys/HERGOTHA amd64
pkg 1.2.5
>Description:
pkg audit reports many vulnerabilities which are
configuration-dependent. It would be nice to have a local override
file to silence warnings about vulnerabilities that the administrator
has determined to be inapplicable or has applied a workaround for.
>How-To-Repeat:
Run pkg audit on a 9.x system with openssh-portable-6.2.p2_5,1
installed. The vulnerability only applies when AES-GCM is in use,
which the OpenSSL on 9.x does not support.
>Fix:
Probably add a new data file to read with a list of vuln IDs to
acknowledge, and an option flag to pkg audit to show all vulns
including those that were silenced.
>Release-Note:
>Audit-Trail:
>Unformatted:
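
A sketch of the behaviour proposed under >Fix, as an added example that is not part of the original report and is not pkg's own code. The report layout, the override-file format ("<vuln id> <reason>"), the function names and the VULN-ID-PLACEHOLDER-* identifiers are all assumptions; the sample data is constructed.

```python
import re

# Constructed sample; the "<pkg> is vulnerable:" stanza layout is an assumption
# and the VULN-ID-PLACEHOLDER-* values are placeholders, not real advisory IDs.
SAMPLE_REPORT = """\
openssh-portable-6.2.p2_5,1 is vulnerable:
constructed finding A
WWW: https://vuxml.example.invalid/VULN-ID-PLACEHOLDER-1.html

examplepkg-1.0 is vulnerable:
constructed finding B
WWW: https://vuxml.example.invalid/VULN-ID-PLACEHOLDER-2.html
"""
# Hypothetical override file: "<vuln id> <reason>", '#' starts a comment.
SAMPLE_OVERRIDES = """\
VULN-ID-PLACEHOLDER-1  AES-GCM not supported by base OpenSSL on 9.x
"""
STANZA = re.compile(
    r"^(?P<pkg>\S+) is vulnerable:\n(?P<desc>.*)\n"
    r"WWW: \S*/(?P<vid>[^/\s]+)\.html$", re.M)

def parse_overrides(text):
    """Return {vuln_id: reason}; an entry without a reason is rejected."""
    acks = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"override {parts[0]!r} has no recorded reason")
        acks[parts[0]] = parts[1]
    return acks

def filter_report(report, acks, show_all=False):
    """Silence by vuln ID (never by package); also return unmatched overrides."""
    shown, stale = [], set(acks)
    for m in STANZA.finditer(report):
        vid = m["vid"]
        stale.discard(vid)  # this override still matches a live finding
        if vid in acks and not show_all:
            continue
        note = f" [acknowledged: {acks[vid]}]" if vid in acks else ""
        shown.append(f"{m['pkg']}: {m['desc']} ({vid}){note}")
    return shown, sorted(stale)

if __name__ == "__main__":
    acks = parse_overrides(SAMPLE_OVERRIDES)
    print(filter_report(SAMPLE_REPORT, acks))
    print(filter_report(SAMPLE_REPORT, acks, show_all=True))
```

Keying overrides on the vulnerability ID means a later advisory against the same package is still reported, and the list of unmatched overrides shows which acknowledgements can be retired.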