1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-21 04:06:46 +00:00
freebsd-ports/ports-mgmt/portaudit
Simon L. B. Nielsen 09e8089e23 Portaudit 0.6.0:
Fix remote code execution which can occur with a specially crafted
audit file.  The attacker would need to get the portaudit(1) to
download the bad audit database, e.g. by performing a man in the
middle attack.

Add signature verification of the portaudit database.  The public key
is for the database generated for portaudit.FreeBSD.org is included
in the distribution.

(This parts add the portaudit public key missed in initial commit.)

Submitted by:   Michael Gmelin <freebsd@grem.de>
Reported by:    Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
Security:       Remote code execution
Security:       http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
Feature safe:   yes
With hat:       so
2012-03-11 22:05:39 +00:00
..
files Portaudit 0.6.0: 2012-03-11 22:05:39 +00:00
Makefile
pkg-deinstall
pkg-descr
pkg-install
pkg-plist
pkg-req