Date: Sun, 12 Dec 2010 15:28:58 -0500 From: Kevin Kreamer <kevin@kreamer.org> To: freebsd-ports@freebsd.org Subject: Security updates for packages? Message-ID: <AANLkTi=3C7GtzZZU8oOEeiXH_R_1CETN6tsvmTgTgvR%2B@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi, Having not used FreeBSD for several years, I did a fresh install yesterday of 8.1-RELEASE, and then used pkg_add -r to install several packages. I then came across portaudit, ran it, and it indicated that I had three vulnerable packages (git, ruby, and sudo). Looking at http://www.vuxml.org/freebsd/, it appears that these were reported in July, August, and September respectively. Basically, I would think a freshly installed system would not have security vulnerabilities from months prior. Is that an erroneous assumption on my part, am I just misunderstanding something, or do I have something misconfigured? Do only ports get security updates, and not packages? Or is this related to the fact that I picked RELEASE, versus CURRENT or STABLE? Thanks, Kevin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=3C7GtzZZU8oOEeiXH_R_1CETN6tsvmTgTgvR%2B>