Date: Sun, 11 Dec 2022 18:45:05 +0000 From: bugzilla-noreply@freebsd.org To: pkg@FreeBSD.org Subject: [Bug 268296] ports-mgmt/pkg: pip-audit regularly shows vulnerabilities not reported by pkg audit Message-ID: <bug-268296-32340-wumdRxl3T5@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-268296-32340@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268296 Graham Perrin <grahamperrin@freebsd.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |feature, needs-qa URL| |https://www.freebsd.org/cgi | |/man.cgi?query=pkg-audit&se | |ktion=8&manpath=FreeBSD-Por | |ts Status|New |Open CC| |grahamperrin@freebsd.org --- Comment #1 from Graham Perrin <grahamperrin@freebsd.org> --- Brief ramble … <https://www.freshports.org/vuxml.php?package=python39>; leads to various details, including a 2022-12-07 entry. Rewind to <https://www.freshports.org/lang/python39/>, the skull icon – not greyed out – indicates a vulnerability. <https://www.freshports.org/faq.php#vuxml>; (In reply to Phil Budne from comment #0) > … if pkg audit could report whether or not a pkg upgrade is available > that fixes a reported vulnerability. … With FreshPorts able to distinguish between current and past vulnerabilities … yes, I wonder whether pkg-audit(8) can signal that a (reported) vulnerability is without a (ported) fix. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-268296-32340-wumdRxl3T5>