freebsduser at comcast.net
Wed Sep 28 13:57:14 PDT 2005
----- Original Message -----
From: "Wright Jim Contractor 14MDSS/SGSI" <jim.wright.ctr at columbus.af.mil>
To: <freebsd-questions at FreeBSD.org>
Sent: Wednesday, September 28, 2005 1:07 PM
Subject: portaudit question.....
> To keep the story short:
> I'm using version FreeBSD 5.4-RELEASE #6: Thu Aug 25 09:12:43 CDT 2005;
> pasted from the dmesg.boot file.
> To the best of my knowledge, I'm using CVSup, pkgdb -F, and portupgrade
> commands correctly.
> But, I'm pretty sure I'm still overlooking and/or leaving something out.
> I just discovered the portaudit command and ran it against my system.
> It comes up with 15 items that need to be upgraded or deinstalled.
> For this question I'll use Mozilla.
> The version it reports is Mozilla-1.7.7,2.
I'll take a stab at this one. Portaudit is a tool that takes your installed
ports then goes out and finds any known vulnerabilities (man portaudit
says -- portaudit -- system to check installed packages for known
vulnerabilities.) In your example Mozilla. There are times that a vulnerable
port does not have an update to it (pkg_version | grep "<") so all the
updating you do may or may not make a difference. Keep your ports tree up to
date and check with pkg_version | grep "<" to see if there are changes. One
other thing to note, they give you a URL to the issue they are talking about
so you could potentially find more information that may guide you to getting
an update or what's involved in the issue.
Hope that helps.
More information about the freebsd-questions