From: Bernt Hansson
Date: Wed, 22 Feb 2012 06:52:05 +0100
To: alexus
Cc: freebsd-questions@freebsd.org
Subject: Re: freebsd package update / upgrade

2012-02-22 04:56, alexus wrote:
> all I want is to update these
>
> f9# portaudit -a
> Affected package: python27-2.7.2_3
> Type of problem: Python -- DoS via malformed XML-RPC / HTTP POST request.
> Reference: http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html

portupgrade -iR (use p also if you want to build a package) python27

> Affected package: sudo-1.8.3_1
> Type of problem: sudo -- format string vulnerability.
> Reference: http://portaudit.FreeBSD.org/7c920bb7-4b5f-11e1-9f47-00e0815b8da8.html

portupgrade -iR(p) sudo

> Affected package: ruby-1.8.7.352_2,1
> Type of problem: Multiple implementations -- DoS via hash algorithm collision.
> Reference: http://portaudit.FreeBSD.org/91be81e7-3fea-11e1-afc7-2c4138874f7d.html

portupgrade -iR(p) ruby

> 3 problem(s) in your installed packages found.
>
> You are advised to update or deinstall the affected package(s) immediately.
> f9#
>
> P.S. why is it pkg_add installing vulnerable versions at the first
> place? I just installed ruby and already is a problem??

Because packages are built for *-RELEASE
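
Added example, not part of the original message: a small sh script that reads a `portaudit -a` report and prints one `portupgrade -iR` command per affected package, as done by hand in the reply above. The function names are hypothetical and the sample input is the report quoted in the message; the commands are only printed, never executed.

```shell
#!/bin/sh
# Added example: derive one portupgrade command per package flagged by portaudit.

# Sample input: the three entries from the report quoted in the message.
sample_report() {
cat <<'EOF'
Affected package: python27-2.7.2_3
Type of problem: Python -- DoS via malformed XML-RPC / HTTP POST request.
Reference: http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html
Affected package: sudo-1.8.3_1
Type of problem: sudo -- format string vulnerability.
Reference: http://portaudit.FreeBSD.org/7c920bb7-4b5f-11e1-9f47-00e0815b8da8.html
Affected package: ruby-1.8.7.352_2,1
Type of problem: Multiple implementations -- DoS via hash algorithm collision.
Reference: http://portaudit.FreeBSD.org/91be81e7-3fea-11e1-afc7-2c4138874f7d.html
3 problem(s) in your installed packages found.
EOF
}

# Read a portaudit report on stdin; print name<TAB>version<TAB>problem per entry.
affected_packages() {
    awk '
        /^Affected package: / {
            pkg = substr($0, length("Affected package: ") + 1)
            # Package names are <name>-<version>; the version follows the last hyphen.
            if (match(pkg, /-[^-]*$/)) {
                name = substr(pkg, 1, RSTART - 1); ver = substr(pkg, RSTART + 1)
            } else {
                name = pkg; ver = ""
            }
        }
        /^Type of problem: / && name != "" {
            printf "%s\t%s\t%s\n", name, ver, substr($0, length("Type of problem: ") + 1)
            name = ""
        }
    '
}

# Print (do not run) one command per distinct package name; sort -u collapses
# a package that appears more than once in the report.
upgrade_commands() {
    affected_packages | cut -f1 | sort -u | while read -r name; do
        printf 'portupgrade -iR %s\n' "$name"
    done
}

sample_report | upgrade_commands
```

On a live system the same function takes the real report on stdin: `portaudit -a | upgrade_commands`.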