From owner-freebsd-questions@FreeBSD.ORG  Sat Nov 11 10:29:08 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 645F616A407
	for <questions@freebsd.org>; Sat, 11 Nov 2006 10:29:08 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from strange.daemonsecurity.com
	(59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E0D0843D49
	for <questions@freebsd.org>; Sat, 11 Nov 2006 10:29:07 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [10.35.4.65] (65.4-35-10-static.chueca.wifi [10.35.4.65])
	by strange.daemonsecurity.com (Postfix) with ESMTP id D81EF2E0F2;
	Sat, 11 Nov 2006 11:29:06 +0100 (CET)
Message-ID: <4555A587.8040402@locolomo.org>
Date: Sat, 11 Nov 2006 11:27:19 +0100
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Thunderbird 1.5.0.7 (X11/20061022)
MIME-Version: 1.0
To: Josh Carroll <josh.carroll@psualum.com>
References: <4554E2BF.2090000@locolomo.org>
	<8cb6106e0611101416q42b236d3k5ce81c4261455ec1@mail.gmail.com>
In-Reply-To: <8cb6106e0611101416q42b236d3k5ce81c4261455ec1@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: questions@freebsd.org
Subject: Re: Is the vulnerability database up to date?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Nov 2006 10:29:08 -0000

Josh Carroll wrote:
>> So - what's the point? I mean updating the port to a newer port with the
>> same or newer known vulnerabilities?
> 
> # portaudit
> 0 problem(s) in your installed packages found.
> # pkg_info| grep firefox
> firefox-2.0_2,1     Web browser based on the browser portion of Mozilla
> 
> Seems ok to me. Which version of firefox is in your ports tree, and
> have you run portaudit -F lately?

This is weird. When I wrote yesterday I had updated ports and the vuln 
database just before that. Now I just did

# pkg_info |grep firefox

which gave TWO matches, one was 2.0_r2,1 which I have previously built 
with disabling vuln, later I upgraded to 2.0_1,1. For some reason the 
2.0_2r,1 had not been deleted completely I guess, and after deleting it 
with pkg_delete, there are no longer any warnings.

But it still beats me why this should affect building the newer version, 
building for the 2.0_2,1 version yesterday terminated with a list of 
vulnerabilities. How is this check run for new builds?

Thanks, Erik
-- 
Ph: +34.666334818                      web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9