From owner-freebsd-ports@FreeBSD.ORG  Mon Dec 13 00:12:05 2010
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8666B1065670
	for <freebsd-ports@freebsd.org>; Mon, 13 Dec 2010 00:12:05 +0000 (UTC)
	(envelope-from thomas@gibfest.dk)
Received: from mail.tyknet.dk (mail.tyknet.dk [IPv6:2002:d596:2a92:2:155::])
	by mx1.freebsd.org (Postfix) with ESMTP id 40E198FC18
	for <freebsd-ports@freebsd.org>; Mon, 13 Dec 2010 00:12:05 +0000 (UTC)
Received: from tykburk.tyknet.cn.dom (1503033810.dong.dbnet.dk
	[89.150.121.210])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.tyknet.dk (Postfix) with ESMTPSA id 41464638DAC
	for <freebsd-ports@freebsd.org>; Mon, 13 Dec 2010 01:12:01 +0100 (CET)
X-DKIM: OpenDKIM Filter v2.1.3 mail.tyknet.dk 41464638DAC
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=gibfest.dk; s=default;
	t=1292199121; bh=gaLSpA5j1zpiDTJjecIMms/FgqnosFdWgGDBtXXFm28=;
	h=Message-ID:Date:From:MIME-Version:To:Subject:References:
	In-Reply-To:Content-Type:Content-Transfer-Encoding;
	b=PKocgwiJRP/nFoeOSMYzz6EJGKW7mblG3FtpLMCtsv+2vsKuPi2NUOY3RE6aIFeUz
	rAUXWETv2RZMTKgp6UPynLyKJcxw3R2XOdeMInQQmjdmIFyP8fJb1c57TPv4ns0qcU
	dhRnwzTLJimgxjmpfxciwKnYshVTMXf3Ze3sCgQ8=
Message-ID: <4D0564D0.8080406@gibfest.dk>
Date: Mon, 13 Dec 2010 01:12:00 +0100
From: Thomas Steen Rasmussen <thomas@gibfest.dk>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US;
	rv:1.9.2.9) Gecko/20101005 Lightning/1.0b2 Thunderbird/3.1.4
MIME-Version: 1.0
To: freebsd-ports@freebsd.org
References: <AANLkTi=3C7GtzZZU8oOEeiXH_R_1CETN6tsvmTgTgvR+@mail.gmail.com>
	<4D0559E5.4030409@FreeBSD.org>
In-Reply-To: <4D0559E5.4030409@FreeBSD.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: Security updates for packages?
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Dec 2010 00:12:05 -0000

  On 13.12.2010 00:25, Doug Barton wrote:
> On 12/12/2010 12:28, Kevin Kreamer wrote:
>> Hi,
>>
>> Having not used FreeBSD for several years, I did a fresh install 
>> yesterday
>> of 8.1-RELEASE, and then used pkg_add -r to install several packages.  I
>> then came across portaudit, ran it, and it indicated that I had three
>> vulnerable packages (git, ruby, and sudo). Looking at
>> http://www.vuxml.org/freebsd/, it appears that these were reported in 
>> July,
>> August, and September respectively.
>
> How did you install the package?
>
>
He said he installed it using pkg_add -r, which will have pulled the 
package from
the 8.1-RELEASE repository which is quite old by now.

Kevin: You can set PACKAGESITE environment variable to a different path,
to get packages that are more up to date:

PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest 
pkg_add -r something

Hope this helps,

Thomas Steen Rasmussen