why pkgs with vulnerabilities on quarterly aren’t updated

rplace rplace at vivaldi.net
Sat Nov 25 16:21:46 UTC 2017

Every day I check pkg audit -F on 11.1 from quarterly, and for like a month
it’s listed many xorg-server vulnerabilities. And now it’s listed firefox-esr
vulnerabilities for what seems like at least a week.

For xorg-server, I see that there’s
which has drawn zero attention.

I see that there are newer versions in latest.

How do I tell when issues have fallen between the cracks vs
a change deliberately not being brought to quarterly?

In cases like this, does it make sense to talk to maintainers,
or to one of the pkg/ports lists, or…?

More information about the freebsd-questions mailing list