Bug 129240 - [security/vuxml] eliminate false-positive for samba due to the entry in old portaudit.xml
[security/vuxml] eliminate false-positive for samba due to the entry in old p...
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Latest
Any Any
: Normal Affects Only Me
Assigned To: Wesley Shields
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-27 20:30 UTC by rea-fbsd
Modified: 2009-01-19 21:02 UTC (History)
1 user (show)

See Also:


Attachments
portaudit.xml-fix-old-VuXML-entries-for-samba.diff (2.46 KB, patch)
2008-11-27 20:30 UTC, rea-fbsd
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description rea-fbsd 2008-11-27 20:30:00 UTC
Samba version specification that is found in the old portaudit.xml file
inside ports-mgmt/portaudit-db/databases has improper entry that cathes
modern Samba port:
-----
$ pkg_version -T samba-3.2.4 'samba>=3.*<3.0.5,1' && echo Found!
Found!
-----

Fix: The following patch fixes the things, at least for me:
How-To-Repeat: 
Run the above command or do 'cd /usr/ports/net/samba32-devel;
make check-vulnerable', it should produce something like this:
-----
===>  samba-3.2.4 has known vulnerabilities:
=> Multiple Potential Buffer Overruns in Samba.
   Reference: <http://www.FreeBSD.org/ports/portaudit/2de14f7a-dad9-11d8-b59a-00061bc2ad93.html>
=> Please update your ports tree and try again.
*** Error code 1
-----
Comment 1 Martin Wilke freebsd_committer 2008-11-27 21:08:45 UTC
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Comment 2 dfilter freebsd_committer 2008-11-30 21:54:29 UTC
simon       2008-11-30 21:54:20 UTC

  FreeBSD ports repository

  Modified files:
    ports-mgmt/portaudit-db/database portaudit.xlist portaudit.xml 
  Log:
  Remove entry 2de14f7a-dad9-11d8-b59a-00061bc2ad93 (Multiple
  Potential Buffer Overruns in Samba) which is duplicated from
  vuln.xml.  I don't know why this entry is duplicated here, but I
  suspect it's related to portaudit.txt.
  
  By removing the entry from here, the entry in vuln.xml should
  just be used instead.
  
  PR:             ports/129240
  Reported by:    Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  
  Revision  Changes    Path
  1.8       +1 -2      ports/ports-mgmt/portaudit-db/database/portaudit.xlist
  1.18      +1 -46     ports/ports-mgmt/portaudit-db/database/portaudit.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Wesley Shields freebsd_committer 2009-01-18 14:28:00 UTC
Responsible Changed
From-To: miwi->wxs

I'll take it.
Comment 4 Wesley Shields freebsd_committer 2009-01-19 21:02:47 UTC
State Changed
From-To: open->closed

This was fixed by simon@ on 2008-11-30 21:54:20 UTC