From owner-freebsd-ports@FreeBSD.ORG  Sun Dec 12 20:55:04 2010
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 9138D1065672
	for <freebsd-ports@freebsd.org>; Sun, 12 Dec 2010 20:55:04 +0000 (UTC)
	(envelope-from kevin@kreamer.org)
Received: from mail-gw0-f49.google.com (mail-gw0-f49.google.com [74.125.83.49])
	by mx1.freebsd.org (Postfix) with ESMTP id 4F1558FC12
	for <freebsd-ports@freebsd.org>; Sun, 12 Dec 2010 20:55:04 +0000 (UTC)
Received: by gwj20 with SMTP id 20so3449071gwj.36
	for <freebsd-ports@freebsd.org>; Sun, 12 Dec 2010 12:55:03 -0800 (PST)
Received: by 10.100.6.9 with SMTP id 9mr2050057anf.208.1292185758999; Sun, 12
	Dec 2010 12:29:18 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.210.14 with HTTP; Sun, 12 Dec 2010 12:28:58 -0800 (PST)
From: Kevin Kreamer <kevin@kreamer.org>
Date: Sun, 12 Dec 2010 15:28:58 -0500
Message-ID: <AANLkTi=3C7GtzZZU8oOEeiXH_R_1CETN6tsvmTgTgvR+@mail.gmail.com>
To: freebsd-ports@freebsd.org
X-Mailman-Approved-At: Sun, 12 Dec 2010 23:22:00 +0000
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: Security updates for packages?
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Dec 2010 20:55:04 -0000

Hi,

Having not used FreeBSD for several years, I did a fresh install yesterday
of 8.1-RELEASE, and then used pkg_add -r to install several packages.  I
then came across portaudit, ran it, and it indicated that I had three
vulnerable packages (git, ruby, and sudo). Looking at
http://www.vuxml.org/freebsd/, it appears that these were reported in July,
August, and September respectively.

Basically, I would think a freshly installed system would not have security
vulnerabilities from months prior.  Is that an erroneous assumption on my
part, am I just misunderstanding something, or do I have something
misconfigured?  Do only ports get security updates, and not packages? Or is
this related to the fact that I picked RELEASE, versus CURRENT or STABLE?

Thanks,
Kevin