Is the vulnerability database up to date?
Erik Norgaard
norgaard at locolomo.org
Sat Nov 11 10:29:08 UTC 2006
Josh Carroll wrote:
>> So - what's the point? I mean updating the port to a newer port with the
>> same or newer known vulnerabilities?
>
> # portaudit
> 0 problem(s) in your installed packages found.
> # pkg_info| grep firefox
> firefox-2.0_2,1 Web browser based on the browser portion of Mozilla
>
> Seems ok to me. Which version of firefox is in your ports tree, and
> have you run portaudit -F lately?
This is weird. When I wrote yesterday I had updated ports and the vuln
database just before that. Now I just did
# pkg_info |grep firefox
which gave TWO matches, one was 2.0_r2,1 which I have previously built
with disabling vuln, later I upgraded to 2.0_1,1. For some reason the
2.0_2r,1 had not been deleted completely I guess, and after deleting it
with pkg_delete, there are no longer any warnings.
But it still beats me why this should affect building the newer version,
building for the 2.0_2,1 version yesterday terminated with a list of
vulnerabilities. How is this check run for new builds?
Thanks, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
More information about the freebsd-questions
mailing list