Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 2 Oct 2015 21:58:06 -1000
From:      parv@pair.com
To:        f-q <freebsd-questions@freebsd.org>
Subject:   Re: Working of "pkg audit <package name>"
Message-ID:  <20151003075806.GA50546@holstein.holy.cow>
In-Reply-To: <20151003074210.GA50460@holstein.holy.cow>
References:  <20151003074210.GA50460@holstein.holy.cow>

next in thread | previous in thread | raw e-mail | index | archive | help
Correction ...

in message <20151003074210.GA50460@holstein.holy.cow>,
wrote parv@p thusly...
>
...
> Firefox 39 or 40 had been installed from ports. I got tired of
> seeing package being vulnerable on every ports tree update process
> that rebuilds "security/vuxml". As the "www/firefox" port has not
> been updated yet, so I fetched source of firefox 41.0.1; updated
> distinfo; installed (after rebuilding databases/sqlite3 with DBSTAT
> option & moving out "files/patch-bug702179" out of "files").
...
> At least the installed firefox is not vulnerable any more (yet).

Apparently per pkg-version

  # pkg version -t 41.0.1 41.0,1
  <

... & ...

  https://vuxml.freebsd.org/freebsd/2d56c7f4-b354-428f-8f48-38150c607a05.html


... 41.0.1 is still vulnerable. But according to ...

  https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/

... there are no outstaning vulnerabilities.

Now I am confused.


-- 




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151003075806.GA50546>