Installing jdk on 7-Release: Has known vulnerabilities from
2005?
Kris Kennaway
kris at FreeBSD.org
Thu Jul 24 01:07:47 UTC 2008
Torgeir Hoffmann wrote:
> Hi again!
>
>>> when I try to install linux-sun-jdk16 from ports I get:
>>>
>>> ===> linux-sun-jdk-1.6.0.07 has known vulnerabilities:
>>> => jdk -- jar directory traversal vulnerability.
>>> Reference:
>>> <http://www.FreeBSD.org/ports/portaudit/18e5428f-ae7c-11d9-837d-000e0c2e438a.html>
>>> => Please update your ports tree and try again.
>>> *** Error code 1
>>>
>>> This refers to a vulnerability from 2005 (!). I get the same thing with
>>> the 1.5 port.
>>> I desperately want to avoid building the native version due to the fact
>>> that I have a not that sporty laptop, and the packages from the freebsd
>>> foundation is not available yet.
>>>
>>> I have the latest portsnap port snapshot.
>> Update your portaudit database.
>
> I did that.
>
> portaudit -Fda
>
> Still, same thing. Thought this was very strange as well.
>
> Anything else that I should have done? (It's probably right in front of me!)
Talk to the port maintainer if you think the vulnerability no longer
exists, or build with DISABLE_VULNERABILITIES if you choose to override
the warning.
Kris
More information about the freebsd-questions
mailing list