portaudit false positive

To: freebsd-audit@xxxxxxxxxxx
Subject: portaudit false positive
From: kerochan ii <kerochan2@xxxxxxxxx>
Date: Tue, 7 Sep 2004 20:40:44 -0400
Delivered-to: freebsd-audit@xxxxxxxxxxx
List-archive: <http://lists.freebsd.org/pipermail/freebsd-audit>
List-help: <mailto:freebsd-audit-request@freebsd.org?subject=help>
List-id: FreeBSD Security Audit <freebsd-audit.freebsd.org>
List-post: <mailto:freebsd-audit@freebsd.org>
List-subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-audit>, <mailto:freebsd-audit-request@freebsd.org?subject=subscribe>
List-unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-audit>, <mailto:freebsd-audit-request@freebsd.org?subject=unsubscribe>
Reply-to: kerochan ii <kerochan2@xxxxxxxxx>

portaudit started warning me about a vulnerability in the cvs server
in the base system.
It reports that the affected package is FreeBSD-502010.
I realised that this is actually a vulnerability fixed months ago, and
because i'm tracking RELENG_5_2 and thus running 5.2.1-p9, it was
fixed on my system before portaudit even reported vulnerabilities in
base.
So please make it check if the base system is patched (uname -m) and
only let it report problems if they really exist.

Thank you in advance...

Follow-Ups:
- Re: portaudit false positive
  - From: Dag-Erling Smørgrav

Prev by Date: Keeping compress(1) WARNS?=6 clean
Next by Date: Re: portaudit false positive
Previous by thread: Keeping compress(1) WARNS?=6 clean
Next by thread: Re: portaudit false positive
Index(es):
- Date
- Thread