From: Lowell Gilbert
To: "edflecko ."
Cc: freebsd-questions@freebsd.org
Subject: Re: pkg audit disagrees with pkg upgrade ???
Date: Wed, 07 May 2014 11:06:31 -0400

Don't top-post, please.

"edflecko ." writes:

> On Wed, May 7, 2014 at 12:21 AM, Arthur Chance wrote:
>
>> On 06/05/2014 21:27, edflecko . wrote:
>>
>>> I'm checking to see if I need to upgrade any installed packages. pkg audit
>>> -F says I have three vulnerabilities, but when I run pkg upgrade -y, it
>>> thinks everything is O.K. (see below)
>>>
>>> Why the discrepancy? Which one should I believe?
>>>
>>
>> Apples and oranges. Just because a port has a vulnerability doesn't
>> necessarily mean there's a newer version available yet.

> Great, thank you.
>
> Is there a way to see what package(s) is specifically using these dependent
> packages? I might choose to remove the host package, for security reasons,
> and thereby remove these as well.

Sure. "pkg info -r ". See "man pkg-info" for details.

Or, sometimes, I just try to "pkg delete" the package, and (if it's still a
dependency) I'll get an error message that tells me what depends on it.