Date: Mon, 7 Sep 2015 09:59:15 +0200 From: Marko Turk <marko@markoturk.info> To: freebsd-pkg@freebsd.org Subject: Pkg audit package not identified as vulnerable Message-ID: <20150907075915.GA1702@vps.markoturk.info>
next in thread | raw e-mail | index | archive | help
--RnlQjJ0d97Da+TV1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi, I have both gstreamer1-libav and ffmpeg installed. Both are vulnerable (according to vuxml.freebsd.org) but pkg audit prints one package two times. Additionally, pkg audit -v prints only one package as vulnerable. Is this intended behavior? BR, Marko root@shkatula:~ # pkg audit gstreamer1-libav-1.4.5 is vulnerable: ffmpeg -- use after free CVE: CVE-2015-3417 WWW: https://vuxml.FreeBSD.org/freebsd/da434a78-e342-4d9a-87e2-7497e5f117ba.html gstreamer1-libav-1.4.5 is vulnerable: ffmpeg -- out-of-bounds array access CVE: CVE-2015-3395 WWW: https://vuxml.FreeBSD.org/freebsd/80c66af0-d1c5-449e-bd31-63b12525ff88.html 1 problem(s) in the installed packages found. root@shkatula:~ # pkg audit -q gstreamer1-libav-1.4.5 root@shkatula:~ # --RnlQjJ0d97Da+TV1 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJV7UPTAAoJEDcRe7P/w1sjnrMQAIuo3cWuZfS9aLtph2ZdBU+7 Bs11r+FWAwNSYnzr74E7ckAZx0jRrl7r3gjwekKsRRhIiZB3eVk0wT4toj2GY+CK VgdHQW0YpMW2Vqk19PbCysuwPVaH16t+HUrM6jOXXszvM/XR9xwA07+wPvqhmzMc pgh88QGgEXk5XM79vn6hZ1Bg+WfAwnYhRH2zAKmbGdYzh7Ot8tjEfhQoyRaYseMK 8l7SjiPAiYnLBzSan4lUTVcy5dKw57L0jJ987F9Bi/yXicMzvK+0v8l1LXJKoCGW Ve55JMwm44LZS9JRGlAKr6lRMCqY5oJ3UmJ32X0jpFX3DF/GmahTMoH+RTJ4pFmE jOgGlD3qRlwC5Y92BXnUUZLtcskJnmYnWymrf1qeCy6CrrrUwqrdf7e1TSjaIBO6 /T0v/uyeAGOrUhOt9j260U3xP/F5BjROZuL/TS7JW4jhACeKehDVx/lonJf71ye1 4mBHyWlJPZt9itMLszOwZ1dSbC1/uiGf3OlQLiBYJcXiswHIw/wBb9WMSMzpGojb bG54Mgg93BTJMfcRO8MgvgPMOR1kv44aURbbZmAb28gsbuNjOFeZ/D8CNb/F3RO5 JYFOd7/qUTdxb6ZYhSbnraMXO6HVXTh3kXp071xD9M/T+m7aFT/xKiZ43gQGsfT+ BXQDU4kXk9wC3ytYpicr =+6Nu -----END PGP SIGNATURE----- --RnlQjJ0d97Da+TV1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150907075915.GA1702>