Security updates for packages?

Kevin Kreamer kevin at
Sun Dec 12 20:55:04 UTC 2010


Having not used FreeBSD for several years, I did a fresh install yesterday
of 8.1-RELEASE, and then used pkg_add -r to install several packages.  I
then came across portaudit, ran it, and it indicated that I had three
vulnerable packages (git, ruby, and sudo). Looking at, it appears that these were reported in July,
August, and September respectively.

Basically, I would think a freshly installed system would not have security
vulnerabilities from months prior.  Is that an erroneous assumption on my
part, am I just misunderstanding something, or do I have something
misconfigured?  Do only ports get security updates, and not packages? Or is
this related to the fact that I picked RELEASE, versus CURRENT or STABLE?


More information about the freebsd-ports mailing list