From owner-freebsd-vuxml@FreeBSD.ORG Tue Oct 19 15:00:18 2004 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F75716A4D8 for ; Tue, 19 Oct 2004 15:00:18 +0000 (GMT) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 089B143D41 for ; Tue, 19 Oct 2004 15:00:18 +0000 (GMT) (envelope-from nectar@celabo.org) Received: from localhost (localhost [127.0.0.1]) by gw.celabo.org (Postfix) with ESMTP id 7F7235487F; Tue, 19 Oct 2004 10:00:17 -0500 (CDT) Received: from gw.celabo.org ([127.0.0.1]) by localhost (hellblazer.celabo.org [127.0.0.1]) (amavisd-new, port 10024) with SMTP id 45427-03; Tue, 19 Oct 2004 10:00:07 -0500 (CDT) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (not verified)) by gw.celabo.org (Postfix) with ESMTP id F328B54840; Tue, 19 Oct 2004 10:00:06 -0500 (CDT) Received: by madman.celabo.org (Postfix, from userid 1001) id D2A476D468; Tue, 19 Oct 2004 09:59:52 -0500 (CDT) Date: Tue, 19 Oct 2004 09:59:52 -0500 From: "Jacques A. Vidrine" To: Dan Langille Message-ID: <20041019145952.GA22119@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Dan Langille , freebsd-vuxml@freebsd.org References: <20041017201037.V55729@xeon.unixathome.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20041017201037.V55729@xeon.unixathome.org> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i cc: freebsd-vuxml@freebsd.org Subject: Re: can portaudit report a fixed date/version? X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Oct 2004 15:00:18 -0000 On Sun, Oct 17, 2004 at 08:13:02PM -0400, Dan Langille wrote: > Hi folks: > > I have portaudit installed. Each morning I get notified if there are any > vulnerabilities that I should know about. That's good. > > I think portaudit should also tell me if it knows there is a fix available > in the tree. That would immediately tell me that I can cvsup and get the > problem fixed. > > Comments? The VuXML format contains only which packages are affected, and not an direct indicator whether or not a fix has been applied. This is by design. Including that information would be redundant. From VuXML, you know what package versions are affected. From the Ports Collection, you know what package versions are available. A tool such as portaudit could compute whether a fix is available or not for you. It might be a nice feature. Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org