PHP vulnerability and portupgrade
charles at idealso.com
Wed Dec 22 06:47:01 PST 2004
Mark Andrews said:
>> Thanks a lot for your reply. If I understand things correctly, I need to
>> maintain two cvsup files - one that tracks security issues in the base
>> FreeBSD 5.3 system (tag=RELENG_5_3, src-all) and one for the ports
>> collection (tag=. , ports-all). Then every time I receive a FreeBSD
>> security advisory I run cvsup on the former, and every time portaudit tells
>> me about a new security issue in the ports collection, I run cvsup on the
>> latter, then use portupgrade to upgrade vulnerable ports.
>> Is this correct?
> Essentually. When you install portaudit it will be run as
> part of the daily periodic jobs provided the FreeBSD version
> is new enough (which 5.3 is).
Portaudit gets added to the daily periodic scripts on 4.10 also.
And contrary to name, portaudit will also watch for vulnerabilities in the
base system. For example, the cvs issue from awhile back showed up in my
portaudit results. Thus, it's not strictly necessary to always keep your base
system source up to date as long as your system is stable and you're watching
the portaudit results.
Ideal Solution, LLC - http://www.idealso.com
More information about the freebsd-stable