09e8089e23
Fix remote code execution which can occur with a specially crafted audit file. The attacker would need to get the portaudit(1) to download the bad audit database, e.g. by performing a man in the middle attack. Add signature verification of the portaudit database. The public key is for the database generated for portaudit.FreeBSD.org is included in the distribution. (This parts add the portaudit public key missed in initial commit.) Submitted by: Michael Gmelin <freebsd@grem.de> Reported by: Michael Gmelin <freebsd@grem.de>, Joerg Scheinert Security: Remote code execution Security: http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html Feature safe: yes With hat: so |
||
|---|---|---|
| .. | ||
| files | ||
| Makefile | ||
| pkg-deinstall | ||
| pkg-descr | ||
| pkg-install | ||
| pkg-plist | ||
| pkg-req | ||