portaudit: recommended packages can't be installed

Kent Stewart kstewart at owt.com
Sat May 21 07:38:57 PDT 2005


On Saturday 21 May 2005 06:29 am, Robert S wrote:
> 8I've just started playing around with FreeBSD.  One of my main
> priorities of an OS is ease of upgrading.  If I run portaudit, I get
> a list of insecure packages (here is an excerpt from the output):
>
> Affected package: firefox-1.0.3,1
> Type of problem: mozilla -- code execution via javascript: IconURL
> vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/eca6195a-c233-11d9-804c-02061
>b08fc24.html>
>
> Affected package: kdelibs-3.4.0_1
> Type of problem: kdelibs -- kimgio input validation errors.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/06404241-b306-11d9-a788-00010
>20eed82.html>
>
> 4 problem(s) in your installed packages found.
>
> You are advised to update or deinstall the affected package(s)
> immediately. freebsd #
>
> If I try to replace kdelibs with a binary package, or install it
> through ports (after doing a cvsup), I still get verion 3.4.0_1.

You are doing something fundamentaly wrong. The 
latest /usr/ports/INDEX[-5] shows a kdelibs-3.4.0_4.  

How did you cvsup and did you update the INDEX files?

Kent
>
> Are fixes not necessarily made available when security
> vulnerabilities are found?
>
> Also -- is there a similar utility to portaudit and freebsd-update,
> that can be used on the base operating system (not through ports)?
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"

-- 
Kent Stewart
Richland, WA

http://users.owt.com/kstewart/index.html


More information about the freebsd-questions mailing list