Date: Wed, 07 May 2014 08:21:58 +0100
From: Arthur Chance <freebsd@qeng-ho.org>
To: "edflecko ." <edflecko@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: pkg audit disagrees with pkg upgrade ???
Message-ID: <5369DF16.40000@qeng-ho.org>
In-Reply-To: <CAFS4T6ZTGERL3a6DmkAhHMLG2C%2BNT6hbA--dgwwQZo9Gux_ogg@mail.gmail.com>
References: <CAFS4T6ZTGERL3a6DmkAhHMLG2C%2BNT6hbA--dgwwQZo9Gux_ogg@mail.gmail.com>

On 06/05/2014 21:27, edflecko . wrote:
> I'm checking to see if I need to upgrade any installed packages. pkg audit
> -F says I have three vulnerabilities, but when I run pkg upgrade -y, it
> thinks everything is O.K. (see below)
>
> Why the discrepancy? Which one should I believe?

Apples and oranges. Just because a port has a vulnerability doesn't
necessarily mean there's a newer version available yet.

> fbsd_box# pkg audit -F
>
> Vulnxml file up-to-date.
> linux-f10-expat-2.0.1 is vulnerable:
> expat2 -- Parser crash with specially formatted UTF-8 sequences
> CVE: CVE-2009-3720
> WWW: http://portaudit.FreeBSD.org/5f030587-e39a-11de-881e-001aa0166822.html
>
> linux-f10-png-1.2.37_2 is vulnerable:
> png -- memory corruption/possible remote code execution
> CVE: CVE-2011-3048
> WWW: http://portaudit.FreeBSD.org/262b92fe-81c8-11e1-8899-001ec9578670.html
>
> linux-f10-tiff-3.8.2 is vulnerable:
> tiff -- Multiple integer overflows
> CVE: CVE-2009-2347
> WWW: http://portaudit.FreeBSD.org/8816bf3a-7929-11df-bcce-0018f3e2eb82.html
>
> 3 problem(s) in the installed packages found.
>
> fbsd_box# pkg upgrade -y
> Updating repository catalogue
> Nothing to do
>
>
> Ed
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
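
The distinction drawn in the reply above, as an added example that is not part of the original message or of pkg itself: it parses the `pkg audit` output quoted in the thread and separates findings a repository upgrade would fix from those still waiting for a newer package. The function names and the `upgradable` parameter are assumptions made for illustration.

```python
import re

# Output copied from the `pkg audit -F` run quoted in the message above.
AUDIT_OUTPUT = """\
Vulnxml file up-to-date.
linux-f10-expat-2.0.1 is vulnerable:
expat2 -- Parser crash with specially formatted UTF-8 sequences
CVE: CVE-2009-3720
WWW: http://portaudit.FreeBSD.org/5f030587-e39a-11de-881e-001aa0166822.html

linux-f10-png-1.2.37_2 is vulnerable:
png -- memory corruption/possible remote code execution
CVE: CVE-2011-3048
WWW: http://portaudit.FreeBSD.org/262b92fe-81c8-11e1-8899-001ec9578670.html

linux-f10-tiff-3.8.2 is vulnerable:
tiff -- Multiple integer overflows
CVE: CVE-2009-2347
WWW: http://portaudit.FreeBSD.org/8816bf3a-7929-11df-bcce-0018f3e2eb82.html

3 problem(s) in the installed packages found.
"""
HEADER = re.compile(r"^(\S+) is vulnerable:$")

def parse_audit(text):
    """Return one record per vulnerable package in `pkg audit` output."""
    records, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            # Package ids are "<name>-<version>": the version follows the last '-'.
            name, _, version = m.group(1).rpartition("-")
            cur = {"name": name, "version": version, "issues": [], "cve": [], "www": []}
            records.append(cur)
        elif cur and line[:5] in ("CVE: ", "WWW: "):
            cur[line[:3].lower()].append(line[5:])
        elif cur and " -- " in line:
            cur["issues"].append(line)
    return records

def triage(records, upgradable):
    """`upgradable` (assumed input): package names `pkg upgrade` would act on."""
    fixable = [r for r in records if r["name"] in upgradable]
    waiting = [r for r in records if r["name"] not in upgradable]
    return fixable, waiting

if __name__ == "__main__":
    for r in triage(parse_audit(AUDIT_OUTPUT), set())[1]:
        print(r["name"], r["version"], ",".join(r["cve"]), "- no newer package yet")
```

With "Nothing to do" from `pkg upgrade`, the upgradable set is empty, so all three findings land in the waiting list and need tracking or another mitigation until a fixed package is published.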