portaudit question.....

K Anderson freebsduser at comcast.net
Wed Sep 28 13:57:14 PDT 2005


----- Original Message ----- 
From: "Wright Jim Contractor 14MDSS/SGSI" <jim.wright.ctr at columbus.af.mil>
To: <freebsd-questions at FreeBSD.org>
Sent: Wednesday, September 28, 2005 1:07 PM
Subject: portaudit question.....


> To keep the story short:
>
>
>
> I'm using version FreeBSD 5.4-RELEASE #6: Thu Aug 25 09:12:43 CDT 2005;
> pasted from the dmesg.boot file.
>
> To the best of my knowledge, I'm using CVSup, pkgdb -F, and portupgrade
> commands correctly.
>
> But, I'm pretty sure I'm still overlooking and/or leaving something out.
>
>
>
> I just discovered the portaudit command and ran it against my system.
>
> It comes up with 15 items that need to be upgraded or deinstalled.
>
> For this question I'll use Mozilla.
>
> The version it reports is Mozilla-1.7.7,2.
I'll take a stab at this one. Portaudit is a tool that takes your installed 
ports then goes out and finds any known vulnerabilities (man portaudit 
says --  portaudit -- system to check installed packages for known 
vulnerabilities.) In your example Mozilla. There are times that a vulnerable 
port does not have an update to it (pkg_version | grep "<") so all the 
updating you do may or may not make a difference. Keep your ports tree up to 
date and check with pkg_version | grep "<" to see if there are changes. One 
other thing to note, they give you a URL to the issue they are talking about 
so you could potentially find more information that may guide you to getting 
an update or what's involved in the issue.

Hope that helps. 




More information about the freebsd-questions mailing list