Date: Wed, 07 May 2014 11:06:31 -0400 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: "edflecko ." <edflecko@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: pkg audit disagrees with pkg upgrade ??? Message-ID: <44d2fp8w7c.fsf@lowell-desk.lan> In-Reply-To: <CAFS4T6bWioVcjGNtCsxZgwxgnfavLdTPGvVUdcJPc=r%2Bi7%2BQJg@mail.gmail.com> (edflecko .'s message of "Wed, 7 May 2014 07:51:22 -0700") References: <CAFS4T6ZTGERL3a6DmkAhHMLG2C%2BNT6hbA--dgwwQZo9Gux_ogg@mail.gmail.com> <5369DF16.40000@qeng-ho.org> <CAFS4T6bWioVcjGNtCsxZgwxgnfavLdTPGvVUdcJPc=r%2Bi7%2BQJg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Don't top-post, please. "edflecko ." <edflecko@gmail.com> writes: > On Wed, May 7, 2014 at 12:21 AM, Arthur Chance <freebsd@qeng-ho.org> wrote: > >> On 06/05/2014 21:27, edflecko . wrote: >> >>> I'm checking to see if I need to upgrade any installed packages. pkg audit >>> -F says I have three vulnerabilities, but when I run pkg upgrade -y, it >>> thinks everything is O.K. (see below) >>> >>> Why the discrepancy? Which one should I believe? >>> >> >> Apples and oranges. Just because a port has a vulnerability doesn't >> necessarily mean there's a newer version available yet. > Great, thank you. > > Is there a way to see what package(s) is specifically using these dependent > packages? I might choose to remove the host package, for security reasons, > and thereby remove these as well. Sure. "pkg info -r <package-name>". See "man pkg-info" for details. Or, sometimes, I just try to "pkg delete" the package, and (if it's still a dependency) I'll get an error message that tells me what depends on it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44d2fp8w7c.fsf>