ICU Portupdate faulty
Kevin Oberman
rkoberman at gmail.com
Fri May 5 17:19:47 UTC 2017
On Fri, May 5, 2017 at 6:37 AM, Jos Chrispijn <bsdports at cloudzeeland.nl>
wrote:
>
> Op 5-5-2017 om 18:05 schreef Adam Weinberger:
>
>> On 5 May, 2017, at 9:48, mokhi <mokhi64 at gmail.com> wrote:
>>>
>>> Well, as I can see here < http://www.freshports.org/devel/icu/ > an
>>> older version of this port is vulnerable not current version.
>>> Maybe by updating your tree your problem will be solved :-]
>>>
>> Yes, this is the correct answer. After icu got patched, the VuXML entry
>> was lowered to mark 58.2_2,1 as non-vulnerable. Jos, it sounds like your
>> ports tree is after the icu update but before the VuXML modification.
>> Update your ports tree to bring in the new VuXML file and you should be
>> good.
>>
> Adam, perhaps I am missing the clue here:
>
> - I had the correct updated version in my ports collection
> - Updating the vulnerable installed icu version with that version should
> not provide the Vulnerability message as that version is updates with the
> correct version in my icu port.
>
> In my case, Jim's suggestion to use "DISABLE_VULNERABILITIES=yes" was the
> only way of getting my faulty icu version updated to the version that is in
> my port.
>
> Kind of confused,
> Jos
The VuXML DB is not a part of the ports tree. It is usually updated by the
nightly periodic script, but you can manually fetch it with "pkg audit -F
-q".
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
More information about the freebsd-ports
mailing list