Date: Wed, 22 Dec 2004 09:46:58 -0500 (EST)
From: "Charles Ulrich" <charles@idealso.com>
To: "Mark Andrews" <Mark_Andrews@isc.org>
Cc: Ladislav Bodnar <distro.watch@msa.hinet.net>
Subject: Re: PHP vulnerability and portupgrade
Message-ID: <54550.24.11.146.21.1103726818.squirrel@24.11.146.21>
In-Reply-To: <200412220200.iBM20jV1022891@drugs.dv.isc.org>
References: Your message of "Wed, 22 Dec 2004 09:52:01 +0800." <200412220952.01107.distro.watch@msa.hinet.net> <200412220200.iBM20jV1022891@drugs.dv.isc.org>

Mark Andrews said:
>> Thanks a lot for your reply. If I understand things correctly, I need to
>> maintain two cvsup files - one that tracks security issues in the base
>> FreeBSD 5.3 system (tag=RELENG_5_3, src-all) and one for the ports
>> collection (tag=. , ports-all). Then every time I receive a FreeBSD
>> security advisory I run cvsup on the former, and every time portaudit tells
>> me about a new security issue in the ports collection, I run cvsup on the
>> latter, then use portupgrade to upgrade vulnerable ports.
>>
>> Is this correct?
>
> Essentially. When you install portaudit it will be run as
> part of the daily periodic jobs provided the FreeBSD version
> is new enough (which 5.3 is).

Portaudit gets added to the daily periodic scripts on 4.10 also. And contrary
to name, portaudit will also watch for vulnerabilities in the base system. For
example, the cvs issue from a while back showed up in my portaudit results.
Thus, it's not strictly necessary to always keep your base system source up to
date as long as your system is stable and you're watching the portaudit
results.

--
Charles Ulrich
Ideal Solution, LLC - http://www.idealso.com