From owner-freebsd-questions@freebsd.org Sat Oct 3 08:01:09 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 34A33A0D5FB for ; Sat, 3 Oct 2015 08:01:09 +0000 (UTC) (envelope-from parv@pair.com) Received: from dnvrco-oedge-vip.email.rr.com (dnvrco-outbound-snat.email.rr.com [107.14.73.226]) by mx1.freebsd.org (Postfix) with ESMTP id 04E2B129F for ; Sat, 3 Oct 2015 08:01:07 +0000 (UTC) (envelope-from parv@pair.com) Received: from [66.91.233.235] ([66.91.233.235:21705] helo=holstein.holy.cow) by dnvrco-oedge03 (envelope-from ) (ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP id 0C/D2-20691-28A8F065; Sat, 03 Oct 2015 07:57:55 +0000 Received: by holstein.holy.cow (Postfix, from userid 1000) id BA0CB5CEE; Fri, 2 Oct 2015 21:58:06 -1000 (HST) Date: Fri, 2 Oct 2015 21:58:06 -1000 From: parv@pair.com To: f-q Subject: Re: Working of "pkg audit " Message-ID: <20151003075806.GA50546@holstein.holy.cow> Mail-Followup-To: f-q References: <20151003074210.GA50460@holstein.holy.cow> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20151003074210.GA50460@holstein.holy.cow> X-RR-Connecting-IP: 107.14.64.142:25 X-Authority-Analysis: v=2.1 cv=G9aSErU5 c=1 sm=1 tr=0 a=lTVOjstemKd+xnJOf5b3+g==:117 a=lTVOjstemKd+xnJOf5b3+g==:17 a=ayC55rCoAAAA:8 a=Ymsr-CWnAAAA:8 a=kj9zAlcOel0A:10 a=5lJygRwiOn0A:10 a=6I5d2MoRAAAA:8 a=pQs5aej7AAAA:8 a=zLPl_RrunXlPxowX01UA:9 a=CjuIK1q_8ugA:10 a=WsX6kwJdmUYA:10 X-Cloudmark-Score: 0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Oct 2015 08:01:09 -0000 Correction ... in message <20151003074210.GA50460@holstein.holy.cow>, wrote parv@p thusly... > ... > Firefox 39 or 40 had been installed from ports. I got tired of > seeing package being vulnerable on every ports tree update process > that rebuilds "security/vuxml". As the "www/firefox" port has not > been updated yet, so I fetched source of firefox 41.0.1; updated > distinfo; installed (after rebuilding databases/sqlite3 with DBSTAT > option & moving out "files/patch-bug702179" out of "files"). ... > At least the installed firefox is not vulnerable any more (yet). Apparently per pkg-version # pkg version -t 41.0.1 41.0,1 < ... & ... https://vuxml.freebsd.org/freebsd/2d56c7f4-b354-428f-8f48-38150c607a05.html ... 41.0.1 is still vulnerable. But according to ... https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ ... there are no outstaning vulnerabilities. Now I am confused. --