Date: Sun, 11 Dec 2022 18:45:05 +0000
From: bugzilla-noreply@freebsd.org
To: pkg@FreeBSD.org
Subject: [Bug 268296] ports-mgmt/pkg: pip-audit regularly shows vulnerabilities not reported by pkg audit
Message-ID: <bug-268296-32340-wumdRxl3T5@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-268296-32340@https.bugs.freebsd.org/bugzilla/>
References: <bug-268296-32340@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268296

Graham Perrin <grahamperrin@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |feature, needs-qa
                URL|                            |https://www.freebsd.org/cgi/man.cgi?query=pkg-audit&sektion=8&manpath=FreeBSD-Ports
             Status|New                         |Open
                 CC|                            |grahamperrin@freebsd.org

--- Comment #1 from Graham Perrin <grahamperrin@freebsd.org> ---
Brief ramble …

<https://www.freshports.org/vuxml.php?package=python39> leads to various
details, including a 2022-12-07 entry.

Rewind to <https://www.freshports.org/lang/python39/>, the skull icon – not
greyed out – indicates a vulnerability.

<https://www.freshports.org/faq.php#vuxml>

(In reply to Phil Budne from comment #0)

> … if pkg audit could report whether or not a pkg upgrade is available
> that fixes a reported vulnerability. …

With FreshPorts able to distinguish between current and past vulnerabilities …
yes, I wonder whether pkg-audit(8) can signal that a (reported) vulnerability
is without a (ported) fix.

-- 
You are receiving this mail because:
You are the assignee for the bug.