Pkg audit package not identified as vulnerable
Marko Turk
marko at markoturk.info
Mon Sep 7 08:07:29 UTC 2015
Hi,
I have both gstreamer1-libav and ffmpeg installed. Both are vulnerable
(according to vuxml.freebsd.org) but pkg audit prints one package
two times. Additionally, pkg audit -v prints only one package as
vulnerable.
Is this intended behavior?
BR,
Marko
root at shkatula:~ # pkg audit
gstreamer1-libav-1.4.5 is vulnerable:
ffmpeg -- use after free
CVE: CVE-2015-3417
WWW: https://vuxml.FreeBSD.org/freebsd/da434a78-e342-4d9a-87e2-7497e5f117ba.html
gstreamer1-libav-1.4.5 is vulnerable:
ffmpeg -- out-of-bounds array access
CVE: CVE-2015-3395
WWW: https://vuxml.FreeBSD.org/freebsd/80c66af0-d1c5-449e-bd31-63b12525ff88.html
1 problem(s) in the installed packages found.
root at shkatula:~ # pkg audit -q
gstreamer1-libav-1.4.5
root at shkatula:~ #
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-pkg/attachments/20150907/31d71289/attachment.bin>
More information about the freebsd-pkg
mailing list