question about Portaudit and code freezes

Roland Smith rsmith at
Thu Aug 25 17:48:50 GMT 2005

On Thu, Aug 25, 2005 at 12:29:10PM -0500, Joe Auty wrote:
> On Aug 25, 2005, at 11:12 AM, Roland Smith wrote:
> >On Thu, Aug 25, 2005 at 03:23:11AM -0500, Joe Auty wrote:
> >
> >>Hello,
> >>
> >>How come xpdf is still showing up as a vulnerability, even though the
> >>latest portrevision was supposed to resolve these problems? Has the
> >>portaudit database not been updated because of the code freeze?
> >>
> >
> >Some other ports (like cups-base) incorporate part of the xpdf
> >code. so they will still show up as vulnerable. But I think that the
> >message shouldn't refer to xpdf. It's confusing.
> >
> >Roland

(please, do not top-post) 
> Is Xpdf still listed in the portsaudit database as being vulnerable  
> for you?

No, it isn't. I think you misunderstand. AFAIK, cups includes a copy of
(part of?) xpdf. Even if the original xpdf is fixed, cups-base won't be
until a equivalent fix is applied, or the fixed code is imported into

> If so, I guess there is nothing I can do except wait... I was just  
> wondering if this has not been corrected because of the freeze?

Could be, but I guess such a safety-related fix would not be held
back. Maybe a fix hasn't been applied to cups yet.

R.F.Smith ( Please send e-mail as plain text.
public key:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-questions mailing list