ICU Portupdate faulty

Jos Chrispijn bsdports at
Sat May 6 08:33:02 UTC 2017

Thanks y'all for your support - this was a real eye opener.

Best regards,

Op 5-5-2017 om 19:19 schreef Kevin Oberman:
> On Fri, May 5, 2017 at 6:37 AM, Jos Chrispijn 
> <bsdports at <mailto:bsdports at>> wrote:
>     Op 5-5-2017 om 18:05 schreef Adam Weinberger:
>             On 5 May, 2017, at 9:48, mokhi <mokhi64 at
>             <mailto:mokhi64 at>> wrote:
>             Well, as I can see here <
>             <> > an
>             older version of this port is vulnerable not current version.
>             Maybe by updating your tree your problem will be solved :-]
>         Yes, this is the correct answer. After icu got patched, the
>         VuXML entry was lowered to mark 58.2_2,1 as non-vulnerable.
>         Jos, it sounds like your ports tree is after the icu update
>         but before the VuXML modification. Update your ports tree to
>         bring in the new VuXML file and you should be good.
>     Adam, perhaps I am missing the clue here:
>     - I had the correct updated version in my ports collection
>     - Updating the vulnerable installed icu version with that version
>     should not provide the Vulnerability message as that version is
>     updates with the correct version in my icu port.
>     In my case, Jim's suggestion to use "DISABLE_VULNERABILITIES=yes"
>     was the only way of getting my faulty icu version updated to the
>     version that is in my port.
>     Kind of confused,
>     Jos 
> The VuXML DB is not a part of the ports tree. It is usually updated by 
> the nightly periodic script, but you can manually fetch it with "pkg 
> audit -F -q".
> --
> Kevin Oberman, Part time kid herder and retired Network Engineer
> E-mail: rkoberman at <mailto:rkoberman at>
> PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

More information about the freebsd-ports mailing list