From owner-freebsd-ports@FreeBSD.ORG  Tue May 18 20:47:35 2004
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2D3DF16A4CE
	for <freebsd-ports@freebsd.org>; Tue, 18 May 2004 20:47:35 -0700 (PDT)
Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net
	[207.217.120.74])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0C72143D45
	for <freebsd-ports@freebsd.org>;
	Tue, 18 May 2004 20:47:35 -0700 (PDT)
	(envelope-from rpratt1950@earthlink.net)
Received: from user71.net817.fl.sprint-hsd.net ([65.41.238.71]
	helo=kt.weeble.com)
	by falcon.mail.pas.earthlink.net with smtp (Exim 3.33 #1)
	id 1BQI3I-0002C9-00
	for freebsd-ports@freebsd.org; Tue, 18 May 2004 20:47:32 -0700
Date: Tue, 18 May 2004 23:47:31 -0400
From: Randy Pratt <rpratt1950@earthlink.net>
To: freebsd-ports@freebsd.org
Message-Id: <20040518234731.3246e250.rpratt1950@earthlink.net>
X-Mailer: Sylpheed version 0.9.10 (GTK+ 1.2.10; i386-portbld-freebsd4.10)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Portaudit inhibits updating to mysql-client-4.0.20
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 May 2004 03:47:35 -0000

I see where the mysql bug has been fixed in CVS:

  http://docs.freebsd.org/cgi/mid.cgi?200405181150.i4IBowxX087508

but portupgrade refused to update to the fixed version:

  ===>  Cleaning for mysql-client-4.0.20
  ===>  mysql-client-4.0.20 has known vulnerabilities:
  >> MySQL insecure temporary file creation (mysqlbug).
 Reference:<http://people.freebsd.org/~eik/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html>
  >> Please update your ports tree and try again.

I did update the (portaudit -F) database before portupgrade.  I just
went ahead and disabled portaudit to do the update.
# portupgrade -m DISABLE_VULNERABILITIES=yes mysql-client-4.0.18_1

Is portaudit always going to be lagging behind the vuln.xml ?

Thanks,

Randy
--