[Bug 270547] ports-mgmt/pkg: missing information about security vulnerabilities in system components

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 30 Mar 2023 17:40:23 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270547

            Bug ID: 270547
           Summary: ports-mgmt/pkg: missing information about security
                    vulnerabilities in system components
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: pkg@FreeBSD.org
          Reporter: rashey@superbox.pl
          Assignee: pkg@FreeBSD.org
             Flags: maintainer-feedback?(pkg@FreeBSD.org)

# pkg audit -F FreeBSD-kernel-13.1_6
Fetching vuln.xml.xz: 100%  996 KiB   1.0MB/s    00:01
0 problem(s) in 0 installed package(s) found.

# pkg audit FreeBSD-13.1_6
0 problem(s) in 0 installed package(s) found.

There should be an information about CVE-2023-0286, CVE-2023-0215,
CVE-2022-4450 and CVE-2022-4304 at least.
Also periodic security (405.pkg-base-audit) reports are incomplete because of
the bug.

Reference:
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:03.openssl.asc

-- 
You are receiving this mail because:
You are the assignee for the bug.