Samba version specification that is found in the old portaudit.xml file inside ports-mgmt/portaudit-db/databases has improper entry that cathes modern Samba port: ----- $ pkg_version -T samba-3.2.4 'samba>=3.*<3.0.5,1' && echo Found! Found! ----- Fix: The following patch fixes the things, at least for me: How-To-Repeat: Run the above command or do 'cd /usr/ports/net/samba32-devel; make check-vulnerable', it should produce something like this: ----- ===> samba-3.2.4 has known vulnerabilities: => Multiple Potential Buffer Overruns in Samba. Reference: <http://www.FreeBSD.org/ports/portaudit/2de14f7a-dad9-11d8-b59a-00061bc2ad93.html> => Please update your ports tree and try again. *** Error code 1 -----
Responsible Changed From-To: freebsd-ports-bugs->miwi I'll take it.
simon 2008-11-30 21:54:20 UTC FreeBSD ports repository Modified files: ports-mgmt/portaudit-db/database portaudit.xlist portaudit.xml Log: Remove entry 2de14f7a-dad9-11d8-b59a-00061bc2ad93 (Multiple Potential Buffer Overruns in Samba) which is duplicated from vuln.xml. I don't know why this entry is duplicated here, but I suspect it's related to portaudit.txt. By removing the entry from here, the entry in vuln.xml should just be used instead. PR: ports/129240 Reported by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Revision Changes Path 1.8 +1 -2 ports/ports-mgmt/portaudit-db/database/portaudit.xlist 1.18 +1 -46 ports/ports-mgmt/portaudit-db/database/portaudit.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Responsible Changed From-To: miwi->wxs I'll take it.
State Changed From-To: open->closed This was fixed by simon@ on 2008-11-30 21:54:20 UTC