Keeping VuXML DB updated
lists at opsec.eu
Sat May 6 09:32:15 UTC 2017
> Due to a vulnerability issue earlier with a port, I received some kind
> emails of using the command below to update the VuXML DB (which is not a
> part of the ports tree).
> I did so on my server and got the following output:
> --- cut ---
> > pkg audit -F
> vulnxml file up-to-date
> tiff-4.0.7_1 is vulnerable:
> tiff -- multiple vulnerabilities
> CVE: CVE-2017-7602
> What is the next procedure to follow; should I inform the port
> maintainer of the reported port
portmgr knows about this, but there's no solution right now.
> ((ports are a user group effort) ) or
> should I update this port with "DISABLE_VULNERABILITIES=yes" ?
There are ports that depend on tiff, and maybe you are using one
of them. If you do not need those other ports, remove tiff.
Otherwise: this (DISABLE_VULNERABILITIES) is, while not perfect,
the next step.
pi at opsec.eu +49 171 3101372 3 years to go !
More information about the freebsd-ports