Portaudit is flagging security/krb5 as vulnerable, but as far as I can tell it is incorrect.
capricorn:/usr/ports/security/krb5:19% portaudit -vC Affected package: krb5-1.8.3 (matched by krb5>=1.7) Type of problem: krb5 -- KDC double free vulnerability. Reference: <http://portaudit.FreeBSD.org/86b8b655-4d1a-11df-83fb-0015587e2cc1.html> Following the reference URL shows that this vulnerability affects krb5 >=1.7 and krb5 <1.8.2, but the ports tree has 1.8.3 so portaudit should not be showing this port as vulnerable. Is there a bug in portaudit or some other problem? FYI my system is: FreeBSD capricorn.lib.uchicago.edu 8.0-RELEASE-p4 FreeBSD 8.0-RELEASE-p4 #0: Fri Jul 16 11:53:40 CDT 2010 r...@capricorn.lib.uchicago.edu:/usr/obj/usr/src/sys/GENERIC amd64 --plw _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
