FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

portupgrade-devel -- lack of distfile checksums

Affected packages
portupgrade-devel < 0,3

Details

VuXML ID b428e6b3-926c-11e1-8d7b-003067b2972c
Discovery 2012-04-30
Entry 2012-04-30
Modified 2012-05-06

Ports security team reports:

The portupgrade-devel port fetched directly from a git repository without checking against a known good SHA hash. This means that it is possible that packages built using this port may not match the one vetted by the maintainer. Users are advised to rebuild portupgrade-devel from known good sources.
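The check whose absence is reported above, shown as an added example that is not part of the advisory or of the ports framework's own code: it parses `SHA256`/`SIZE` lines in the format of a port's `distinfo` file and refuses any fetched file that is unpinned or does not match. The file names and bytes are constructed for illustration.

```python
import hashlib
import re

# distinfo line format used by the FreeBSD ports tree:
#   SHA256 (name) = <hex>    and    SIZE (name) = <bytes>
_LINE = re.compile(r"^(SHA256|SIZE) \((.+)\) = (\S+)$")

def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}} from distinfo text."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # blank lines or keys this example does not check
        key, name, value = m.groups()
        entries.setdefault(name, {})[key] = (
            int(value) if key == "SIZE" else value.lower())
    return entries

def verify_distfile(name, data, entries):
    """Return (ok, reason). Fails closed when no pinned checksum exists."""
    pinned = entries.get(name)
    if not pinned or "SHA256" not in pinned:
        return False, "no pinned SHA256: refuse to build"
    if "SIZE" in pinned and pinned["SIZE"] != len(data):
        return False, "size mismatch"
    if hashlib.sha256(data).hexdigest() != pinned["SHA256"]:
        return False, "SHA256 mismatch"
    return True, "ok"

# Constructed sample: bytes standing in for the tarball the maintainer vetted.
VETTED = b"constructed tarball bytes vetted by the maintainer\n"
DISTINFO = "SHA256 (example-1.0.tar.gz) = %s\nSIZE (example-1.0.tar.gz) = %d\n" % (
    hashlib.sha256(VETTED).hexdigest(), len(VETTED))

if __name__ == "__main__":
    pins = parse_distinfo(DISTINFO)
    # Matches what was vetted.
    print(verify_distfile("example-1.0.tar.gz", VETTED, pins))
    # Same length, different content: only the hash catches it.
    print(verify_distfile("example-1.0.tar.gz", VETTED[:-1] + b"!", pins))
    # A fetch with no distinfo entry, as in the reported case.
    print(verify_distfile("git-snapshot.tar.gz", VETTED, pins))
```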

References

Message http://web.archiveorange.com/archive/v/6ETvLYPz7CfFT9tiHKiI
Message http://www.freebsd.org/cgi/getmsg.cgi?fetch=100677+0+/usr/local/www/db/text/2012/cvs-ports/20120506.cvs-ports