K 10
svn:author
V 5
simon
K 8
svn:date
V 27
2012-03-11T21:32:58.000000Z
K 7
svn:log
V 640
Portaudit 0.6.0:

Fix remote code execution which can occur with a specially crafted
audit file.  The attacker would need to get the portaudit(1) to
download the bad audit database, e.g. by performing a man in the
middle attack.

Add signature verification of the portaudit database.  The public key
is for the database generated for portaudit.FreeBSD.org is included
in the distribution.

Submitted by:	Michael Gmelin <freebsd@grem.de>
Reported by:	Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
Security:	Remote code execution
Security:	http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
Feature safe:	yes
With hat:	so

END
