Security updates for packages?
Kevin Kreamer
kevin at kreamer.org
Sun Dec 12 20:55:04 UTC 2010
Hi,
Having not used FreeBSD for several years, I did a fresh install yesterday
of 8.1-RELEASE, and then used pkg_add -r to install several packages. I
then came across portaudit, ran it, and it indicated that I had three
vulnerable packages (git, ruby, and sudo). Looking at
http://www.vuxml.org/freebsd/, it appears that these were reported in July,
August, and September respectively.
Basically, I would think a freshly installed system would not have security
vulnerabilities from months prior. Is that an erroneous assumption on my
part, am I just misunderstanding something, or do I have something
misconfigured? Do only ports get security updates, and not packages? Or is
this related to the fact that I picked RELEASE, versus CURRENT or STABLE?
Thanks,
Kevin
More information about the freebsd-ports
mailing list