using pkg audit to show base vulnerabilities

Ben Woods woodsb02 at gmail.com
Wed Sep 7 23:23:45 UTC 2016


On 8 September 2016 at 05:25, Mark Felder <feld at freebsd.org> wrote:

> I have been toying with the idea of creating a port that provides a
> script called "baseaudit" that can make it very easy to check your
> system for known vulns. With the majority of the logic in this script we
> could also include this periodic script in the package which would check
> nightly as well. Perhaps we should collaborate on this together? I will
> need to review your script in detail but at a glance it appears very
> thorough.
>
>
> Thanks!
>
> --
>   Mark Felder
>   ports-secteam member
>   feld at FreeBSD.org
>

Just a thought, once we move to PkgBase, will this simply work with "pkg
audit"?

Are the new vuxml entries in the correct format to detect for individual
base packages?
E.g. FreeBSD-libxo, FreeBSD-libxo-debug, FreeBSD-libxo-development

Are the new vuxml entries in a format that would support PkgBase for
releases as well as for stable/current?
E.g. FreeBSD-libxo-12.0_2, FreeBSD-libxo-12.0.s20160903042939

Regards,
Ben

