Date: Wed, 18 Dec 2013 18:41:42 GMT From: Dan Langille <dan@langille.org> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/184976: pkg audit doesn't find vuln shown by portaudit Message-ID: <201312181841.rBIIfg8q004844@oldred.freebsd.org> Resent-Message-ID: <201312181850.rBIIo0T5019542@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 184976 >Category: ports >Synopsis: pkg audit doesn't find vuln shown by portaudit >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Dec 18 18:50:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Dan Langille >Release: 9.2-RELEASE >Organization: The FreeBSD Diary >Environment: FreeBSD slocum.unixathome.org 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898: Thu Sep 26 22:50:31 UTC 2013 root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 >Description: I'm finding that the output of pkg audit does not match portaudit on a single machine. The others are OK. >How-To-Repeat: # portaudit -Fa auditfile.tbz 100% of 91 kB 511 kBps 00m00s New database installed. Affected package: php5-5.4.16 Type of problem: PHP5 -- memory corruption in openssl_x509_parse(). Reference: http://portaudit.FreeBSD.org/47b4e713-6513-11e3-868f-0025905a4771.html 1 problem(s) in your installed packages found. You are advised to update or deinstall the affected package(s) immediately. # pkg audit -F Vulnxml file up-to-date. 0 problem(s) in the installed packages found. >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201312181841.rBIIfg8q004844>