Date: Sun, 12 Jun 2022 23:19:50 +0200 From: "Herbert J. Skuhra" <herbert@gojira.at> To: questions@freebsd.org Subject: Re: Curious Ports Behavior Message-ID: <YqZYdsWisl495VVH@mail.bsd4all.net> In-Reply-To: <8edd72da-d673-fede-e701-9990b206646c@tundraware.com> References: <e06cf4d2-4711-ec12-0a36-19243f6c1591@tundraware.com> <YqZNT4HXzVU2/YLK@mail.bsd4all.net> <8edd72da-d673-fede-e701-9990b206646c@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jun 12, 2022 at 03:36:08PM -0500, Tim Daneliuk wrote: > On 6/12/22 15:32, Herbert J. Skuhra wrote: > > > I don't want servers running with high severity vulnerabilities ... > > Run 'pkg audit -F' and try again. > > Well, that fixed it. Can you please explain how the system might > get into such a state? > > Should I be running this pkg audit daily? The original entry in the database contained a wrong range: - <range><lt>2.5.54</lt></range> + <range><lt>2.4.54</lt></range> It was fixed in 0bb1abdb2049. /usr/local/etc/periodic/security/410.pkg-audit should run daily and update /var/db/pkg/vuln.xml and check for vulnerable packages. Unfortunately not all my systems fetched the latest file: -r--r--r-- 1 root wheel 7143257 Jun 10 03:24 /var/db/pkg/vuln.xml Others in the same network: -r--r--r-- 1 root wheel 7144777 Jun 11 03:17 /var/db/pkg/vuln.xml Maybe some FreeBSD mirrors are/were not in sync. -- Herbert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YqZYdsWisl495VVH>