Date: Tue, 14 Jan 2025 04:06:38 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 284053] ports-mgmt/portupgrade: Installs insecure databases/db5 as a dependency
Message-ID: <bug-284053-7788@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=284053

Bug ID: 284053
Summary: ports-mgmt/portupgrade: Installs insecure databases/db5 as a dependency
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs@FreeBSD.org
Reporter: terry-freebsd@glaver.org
CC: bdrewery@FreeBSD.org

On a clean install of 14.2-RELEASE (subsequently updated to 14.2-stable), building the ports-mgmt/portupgrade package also installs databases/db5 as a dependency. As the nightly security report then (correctly) points out:

Checking for packages with security vulnerabilities:
db5-5.3.28_9: Tag: expiration_date Value: 2022-06-30
db5-5.3.28_9: Tag: deprecated Value: EOLd, potential security issues, maybe usedb18 instead

The planned removal date for db5 was nearly two and a half years ago. Presumably it is still in the ports tree. But it seems rather important to not have one of our main tools for ports management (at least for those who build from source) still using it.

--
You are receiving this mail because:
You are the assignee for the bug.