Date: Fri, 26 Sep 2014 08:25:12 -0700
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: freebsd-security@freebsd.org
Subject: pkg repositories out of alignment (was: Re: bash velnerability)
Message-ID: <F0417142-C09B-4D05-9DFC-81D58C1F4AAB@vpnc.org>
In-Reply-To: <20140926123803.GA30925@zxy.spb.ru>
References: <CAHFU5H5WOnAXuFmfQEGkTvwoECATTCC3eKYE3yts%2BBqh1M_8ww@mail.gmail.com>
    <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com>
    <54243F0F.6070904@FreeBSD.org>
    <54244982.8010002@FreeBSD.org>
    <20140925193555.GB28430@satori.lan>
    <20140926123803.GA30925@zxy.spb.ru>

Just a note that the pkg repo for 10 seems to be far advanced over that for 9.3. That is, the bash fix appeared in the 10 repo yesterday (or earlier), but it is still not in the 9.3 repo. Here's what I'm seeing on a 9.3 box right now:

# sudo pkg update
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
# sudo pkg audit
bash-4.3.24 is vulnerable:
bash -- remote code execution vulnerability
CVE: CVE-2014-7169
CVE: CVE-2014-6271
WWW: http://portaudit.FreeBSD.org/71ad81da-4414-11e4-a33e-3c970e169bc2.html

1 problem(s) in the installed packages found.
# sudo pkg upgrade bash
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
Your packages are up to date.

I appreciate the speed that folks update the packages; I'm a bit distressed that 9.3 seems to be a second-class citizen for security fixes. (And I totally admit that I could be misreading the situation.)

--Paul Hoffman
