Date: Thu, 11 May 2023 18:11:45 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 271368] pkg info failure leads to nasty pkg delete behaviour Message-ID: <bug-271368-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D271368 Bug ID: 271368 Summary: pkg info failure leads to nasty pkg delete behaviour Product: Ports & Packages Version: Latest Hardware: amd64 OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: freebsdbugs@wayne47.com pkg-1.19.1_1 installed pkg audit on 12.4-RELEASE-p2 system reported this security vulnerability: py39-setuptools-63.1.0 is vulnerable: py39-setuptools -- denial of service vulnerability CVE: CVE-2022-40897 WWW: https://vuxml.FreeBSD.org/freebsd/1b38aec4-4149-4c7d-851c-3c4de3a1fbd0.html so I checked what used it (I am eliminating most responses in the chain): % pkg info -dx py39-setuptools % pkg info -dx python39-3.9 % pkg info -dx readline readline-8.2.1: indexinfo-0.3.1 % pkg info -dx indexinfo-0.3.1 indexinfo-0.3.1: # No port listed suggests that nothi= ng uses it % pkg info -dx indexinfo # Double checking that no ports are listed indexinfo-0.3.1: # Same response # So it's safe to remove: % sudo pkg delete indexinfo-0.3.1 # Which then proceeded to delete most of the ports installed on the system = with no warning or ability to confirm! --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-271368-7788>