Keeping VuXML DB updated

Jos Chrispijn bsdports at
Sat May 6 08:43:40 UTC 2017

Due to a vulnerability issue earlier with a port, I received some kind 
emails of using the command below to update the VuXML DB (which is not a 
part of the ports tree).

I did so on my server and got the following output:

--- cut ---

 > pkg audit -F
vulnxml file up-to-date
tiff-4.0.7_1 is vulnerable:
tiff -- multiple vulnerabilities
CVE: CVE-2017-7602
CVE: CVE-2017-7601
CVE: CVE-2017-7600
CVE: CVE-2017-7599
CVE: CVE-2017-7598
CVE: CVE-2017-7597
CVE: CVE-2017-7596
CVE: CVE-2017-7595
CVE: CVE-2017-7594
CVE: CVE-2017-7593
CVE: CVE-2017-7592
CVE: CVE-2017-5225

1 problem(s) in the installed packages found.

--- cut ---

What is the next procedure to follow; should I inform the port 
maintainer of the reported port ((ports are a user group effort) ) or 
should I update this port with "DISABLE_VULNERABILITIES=yes" ?

Happy to contribute,
Jos Chrispijn

More information about the freebsd-ports mailing list