From owner-freebsd-questions@freebsd.org  Sat Oct  3 07:49:18 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A8070A0F7FC
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Sat,  3 Oct 2015 07:49:18 +0000 (UTC) (envelope-from parv@pair.com)
Received: from dnvrco-oedge-vip.email.rr.com
 (dnvrco-outbound-snat.email.rr.com [107.14.73.227])
 by mx1.freebsd.org (Postfix) with ESMTP id 7A3121ECF
 for <freebsd-questions@freebsd.org>; Sat,  3 Oct 2015 07:49:17 +0000 (UTC)
 (envelope-from parv@pair.com)
Received: from [66.91.233.235] ([66.91.233.235:55172] helo=holstein.holy.cow)
 by dnvrco-oedge03 (envelope-from <parv@pair.com>)
 (ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP
 id 33/11-20691-6C68F065; Sat, 03 Oct 2015 07:41:59 +0000
Received: by holstein.holy.cow (Postfix, from userid 1000)
 id B110B5CEE; Fri,  2 Oct 2015 21:42:10 -1000 (HST)
Date: Fri, 2 Oct 2015 21:42:10 -1000
From: parv@pair.com
To: f-q <freebsd-questions@freebsd.org>
Subject: Working of "pkg audit <package name>"
Message-ID: <20151003074210.GA50460@holstein.holy.cow>
Mail-Followup-To: f-q <freebsd-questions@freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-RR-Connecting-IP: 107.14.64.142:25
X-Authority-Analysis: v=2.1 cv=G9aSErU5 c=1 sm=1 tr=0
 a=lTVOjstemKd+xnJOf5b3+g==:117 a=lTVOjstemKd+xnJOf5b3+g==:17 a=ayC55rCoAAAA:8
 a=Ymsr-CWnAAAA:8 a=kj9zAlcOel0A:10 a=5lJygRwiOn0A:10 a=X0eaaUGMnVWRyhAD7n8A:9
 a=CjuIK1q_8ugA:10
X-Cloudmark-Score: 0
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Oct 2015 07:49:18 -0000

I want to know if running "pkg audit" makes any sense for a port
installed that has not been updated officially yet. Also, is it
possible to supplement the vuxml catalog for such ports installed?

Firefox 39 or 40 had been installed from ports. I got tired of
seeing package being vulnerable on every ports tree update process
that rebuilds "security/vuxml". As the "www/firefox" port has not
been updated yet, so I fetched source of firefox 41.0.1; updated
distinfo; installed (after rebuilding databases/sqlite3 with DBSTAT
option & moving out "files/patch-bug702179" out of "files").

Now I see vulnerability warnings going back to 2004, which are
just useless & rather amusing. At least the installed firefox is not
vulnerable any more (yet).


  - parv

--