ICU Portupdate faulty

Kevin Oberman rkoberman at
Fri May 5 17:19:47 UTC 2017

On Fri, May 5, 2017 at 6:37 AM, Jos Chrispijn <bsdports at>

> Op 5-5-2017 om 18:05 schreef Adam Weinberger:
>> On 5 May, 2017, at 9:48, mokhi <mokhi64 at> wrote:
>>> Well, as I can see here < > an
>>> older version of this port is vulnerable not current version.
>>> Maybe by updating your tree your problem will be solved :-]
>> Yes, this is the correct answer. After icu got patched, the VuXML entry
>> was lowered to mark 58.2_2,1 as non-vulnerable. Jos, it sounds like your
>> ports tree is after the icu update but before the VuXML modification.
>> Update your ports tree to bring in the new VuXML file and you should be
>> good.
> Adam, perhaps I am missing the clue here:
> - I had the correct updated version in my ports collection
> - Updating the vulnerable installed icu version with that version should
> not provide the Vulnerability message as that version is updates with the
> correct version in my icu port.
> In my case, Jim's suggestion to use "DISABLE_VULNERABILITIES=yes" was the
> only way of getting my faulty icu version updated to the version that is in
> my port.
> Kind of confused,
> Jos

The VuXML DB is not a part of the ports tree. It is usually updated by the
nightly periodic script, but you can manually fetch it with "pkg audit -F
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman at
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

More information about the freebsd-ports mailing list