From owner-freebsd-questions@FreeBSD.ORG Wed May 7 15:17:48 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 39F1E913 for ; Wed, 7 May 2014 15:17:48 +0000 (UTC) Received: from mail-oa0-x235.google.com (mail-oa0-x235.google.com [IPv6:2607:f8b0:4003:c02::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 038445E3 for ; Wed, 7 May 2014 15:17:47 +0000 (UTC) Received: by mail-oa0-f53.google.com with SMTP id m1so1367893oag.26 for ; Wed, 07 May 2014 08:17:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=tZ+rXcud6rDosKDrC3wxMajPaKf1D4dDmgGihT7Wesg=; b=g0ZrslnG7iZhCpYKqz/qsIXq1zAPaB1wcJYv7ziwGDoW3uO0utL2B0VrZjugsmWse0 f86LhMAY7Sq/ijvZWaJognOMqQQxJv/jnQ4WpaAK3rD4G8BnFlI5yOtFVXFMvqdRAwtx Tv2GZV3eemdqNc6o/TnHXiuvrAWnR+prifTDKXicvftY6SubBp1APuXAxth8sESZhpxr cG4/cTLukIegIJmrEKsSyI5MX0LCMNCEVU6HFzCYTkP5EItsHLiI7e0XRW/dEOTT9lQX zeqm7AFYIcQVuMXHcY5qxve6EKOi6ZZkHIoOc+mBdlqEn6KNEo3wCIUIkkLJXFEg2Dxg Kmmg== MIME-Version: 1.0 X-Received: by 10.182.97.1 with SMTP id dw1mr45940483obb.23.1399475866180; Wed, 07 May 2014 08:17:46 -0700 (PDT) Received: by 10.60.144.137 with HTTP; Wed, 7 May 2014 08:17:46 -0700 (PDT) In-Reply-To: <44d2fp8w7c.fsf@lowell-desk.lan> References: <5369DF16.40000@qeng-ho.org> <44d2fp8w7c.fsf@lowell-desk.lan> Date: Wed, 7 May 2014 08:17:46 -0700 Message-ID: Subject: Re: pkg audit disagrees with pkg upgrade ??? From: "edflecko ." To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 May 2014 15:17:48 -0000 Cool! Thank you Lowell. :-) Ed On Wed, May 7, 2014 at 8:06 AM, Lowell Gilbert < freebsd-questions-local@be-well.ilk.org> wrote: > Don't top-post, please. > > "edflecko ." writes: > > > On Wed, May 7, 2014 at 12:21 AM, Arthur Chance > wrote: > > > >> On 06/05/2014 21:27, edflecko . wrote: > >> > >>> I'm checking to see if I need to upgrade any installed packages. pkg > audit > >>> -F says I have three vulnerabilities, but when I run pkg upgrade -y, it > >>> thinks everything is O.K. (see below) > >>> > >>> Why the discrepancy? Which one should I believe? > >>> > >> > >> Apples and oranges. Just because a port has a vulnerability doesn't > >> necessarily mean there's a newer version available yet. > > > Great, thank you. > > > > Is there a way to see what package(s) is specifically using these > dependent > > packages? I might choose to remove the host package, for security > reasons, > > and thereby remove these as well. > > Sure. "pkg info -r ". See "man pkg-info" for details. > > Or, sometimes, I just try to "pkg delete" the package, and (if it's > still a dependency) I'll get an error message that tells me what depends > on it. >