Date: Fri, 26 Sep 2014 08:25:12 -0700
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: freebsd-security@freebsd.org
Subject: pkg repositories out of alignment (was: Re: bash velnerability)
Message-ID: <F0417142-C09B-4D05-9DFC-81D58C1F4AAB@vpnc.org>
In-Reply-To: <20140926123803.GA30925@zxy.spb.ru>
References: <CAHFU5H5WOnAXuFmfQEGkTvwoECATTCC3eKYE3yts%2BBqh1M_8ww@mail.gmail.com> <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com> <54243F0F.6070904@FreeBSD.org> <54244982.8010002@FreeBSD.org> <20140925193555.GB28430@satori.lan> <20140926123803.GA30925@zxy.spb.ru>

Just a note that the pkg repo for 10 seems to be far advanced over that for 9.3. That is, the bash fix appeared in the 10 repo yesterday (or earlier), but it is still not in the 9.3 repo. Here's what I'm seeing on a 9.3 box right now:

# sudo pkg update
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.

# sudo pkg audit
bash-4.3.24 is vulnerable:
bash -- remote code execution vulnerability
CVE: CVE-2014-7169
CVE: CVE-2014-6271
WWW: http://portaudit.FreeBSD.org/71ad81da-4414-11e4-a33e-3c970e169bc2.html

1 problem(s) in the installed packages found.

# sudo pkg upgrade bash
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
Your packages are up to date.

I appreciate the speed that folks update the packages; I'm a bit distressed that 9.3 seems to be a second-class citizen for security fixes. (And I totally admit that I could be misreading the situation.)

--Paul Hoffman
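
Added example, not part of the original message: a small shell check for the condition the message reports, where `pkg audit` flags an installed package but the repository still serves exactly that version, so `pkg upgrade` has nothing to offer. The function names, the `foo` package and the repository listing are constructed for illustration; the `bash` audit lines mirror the output quoted above.

```sh
#!/bin/sh
# Added example (not from the original message).

# Read `pkg audit` output on stdin and print the name-version of every
# package reported in a line of the form "<name-version> is vulnerable:".
vulnerable_pkgs() {
    awk '$2 == "is" && $3 == "vulnerable:" { print $1 }'
}

# $1: file holding `pkg audit` output
# $2: file holding the repository's package list, one name-version per line
# Prints each vulnerable name-version that the repository still serves,
# i.e. packages for which no fixed build is available to upgrade to.
unfixed_in_repo() {
    vulnerable_pkgs < "$1" | while read -r nv; do
        if grep -Fxq -- "$nv" "$2"; then
            echo "$nv"
        fi
    done
}

# Suggested live use on a FreeBSD host (not run here):
#   pkg audit > audit.txt
#   pkg rquery -a '%n-%v' > repo.txt
#   unfixed_in_repo audit.txt repo.txt

# Constructed sample data: bash matches the situation in the message
# (repo still offers the vulnerable version); foo has a newer build.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/audit.txt" <<'EOF'
bash-4.3.24 is vulnerable:
bash -- remote code execution vulnerability
CVE: CVE-2014-7169
CVE: CVE-2014-6271

foo-1.0 is vulnerable:
foo -- constructed sample entry
EOF
    printf '%s\n' 'bash-4.3.24' 'foo-1.1' > "$d/repo.txt"
    unfixed_in_repo "$d/audit.txt" "$d/repo.txt"
    rm -rf "$d"
}
demo
```

A non-empty result means the fix has to come from somewhere other than the binary repository for now, for example by building the updated port locally.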