Date:      Tue, 6 May 2014 13:27:11 -0700
From:      "edflecko ." <edflecko@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   pkg audit disagrees with pkg upgrade ???
Message-ID:  <CAFS4T6ZTGERL3a6DmkAhHMLG2C%2BNT6hbA--dgwwQZo9Gux_ogg@mail.gmail.com>

I'm checking to see if I need to upgrade any installed packages. pkg audit
-F says I have three vulnerabilities, but when I run pkg upgrade -y, it
thinks everything is O.K. (see below)

Why the discrepancy? Which one should I believe?


fbsd_box# pkg audit -F

Vulnxml file up-to-date.
linux-f10-expat-2.0.1 is vulnerable:
expat2 -- Parser crash with specially formatted UTF-8 sequences
CVE: CVE-2009-3720
WWW: http://portaudit.FreeBSD.org/5f030587-e39a-11de-881e-001aa0166822.html

linux-f10-png-1.2.37_2 is vulnerable:
png -- memory corruption/possible remote code execution
CVE: CVE-2011-3048
WWW: http://portaudit.FreeBSD.org/262b92fe-81c8-11e1-8899-001ec9578670.html

linux-f10-tiff-3.8.2 is vulnerable:
tiff -- Multiple integer overflows
CVE: CVE-2009-2347
WWW: http://portaudit.FreeBSD.org/8816bf3a-7929-11df-bcce-0018f3e2eb82.html

3 problem(s) in the installed packages found.

fbsd_box# pkg upgrade -y
Updating repository catalogue
Nothing to do


Ed


