From owner-freebsd-questions@FreeBSD.ORG  Sat May 21 13:29:15 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 90A8D16A4CF
	for <freebsd-questions@freebsd.org>;
	Sat, 21 May 2005 13:29:15 +0000 (GMT)
Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.207])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6F4C443D60
	for <freebsd-questions@freebsd.org>;
	Sat, 21 May 2005 13:29:12 +0000 (GMT)
	(envelope-from robert.spam.me.senseless@gmail.com)
Received: by wproxy.gmail.com with SMTP id 55so64449wri
	for <freebsd-questions@freebsd.org>;
	Sat, 21 May 2005 06:29:11 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=beta; d=gmail.com;
	h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
	b=mnhHyKZS7p0waQpWjW36XLRW88SJnxLGf3l1pni++5JcztPNfjQy82p96M+DDdmehNUB8WSkcfUVKC0u4Cs/s7DtM2yAIEcBNKL4rR5XYvmhP2wUcdC5uNrV3C27S6XYvOWiI+QQtiK0DFxBDOD4jjR6tGzIaaoRHUag+dnsQNA=
Received: by 10.54.27.65 with SMTP id a65mr2547438wra;
        Sat, 21 May 2005 06:29:11 -0700 (PDT)
Received: by 10.54.34.6 with HTTP; Sat, 21 May 2005 06:29:11 -0700 (PDT)
Message-ID: <7093dffb05052106296c487773@mail.gmail.com>
Date: Sat, 21 May 2005 13:29:11 +0000
From: Robert S <robert.spam.me.senseless@gmail.com>
To: freebsd-questions@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Subject: portaudit: recommended packages can't be installed
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Robert S <robert.spam.me.senseless@gmail.com>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 21 May 2005 13:29:15 -0000

8I've just started playing around with FreeBSD.  One of my main
priorities of an OS is ease of upgrading.  If I run portaudit, I get a
list of insecure packages (here is an excerpt from the output):

Affected package: firefox-1.0.3,1
Type of problem: mozilla -- code execution via javascript: IconURL
vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/eca6195a-c233-11d9-804c-=
02061b08fc24.html>

Affected package: kdelibs-3.4.0_1
Type of problem: kdelibs -- kimgio input validation errors.
Reference: <http://www.FreeBSD.org/ports/portaudit/06404241-b306-11d9-a788-=
0001020eed82.html>

4 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
freebsd #

If I try to replace kdelibs with a binary package, or install it
through ports (after doing a cvsup), I still get verion 3.4.0_1.

Are fixes not necessarily made available when security vulnerabilities
are found?

Also -- is there a similar utility to portaudit and freebsd-update,
that can be used on the base operating system (not through ports)?