Date: Wed, 04 Sep 2024 15:12:13 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 281269] pkg-audit ignores VuXML reports if installed package has PORTEPOCH appended
Message-ID: <bug-281269-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=281269

            Bug ID: 281269
           Summary: pkg-audit ignores VuXML reports if installed package has PORTEPOCH appended
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: joneum@FreeBSD.org
          Reporter: ps.ports@smyrak.com
                CC: bapt@FreeBSD.org
          Assignee: joneum@FreeBSD.org
             Flags: maintainer-feedback?(joneum@FreeBSD.org)

Steps to reproduce:
1. pick a vulnerable port / package whose Makefile includes a PORTEPOCH and install it.
2. run pkg audit

Note, I have spotted this thanks to firefox, yet it might as well be reproduced on www/nginx, which is cheaper to build. Thus I believe that bug #281250 is a duplicate or actually a symptom of this description.

% uname -v
FreeBSD 13.4-STABLE stable/13-n258228-3a9010c98b3d GENERIC
% pkg --version
1.21.3
% pkg info firefox | head -1
firefox-128.0.3,2
% grep -A1 'name.firefox' /usr/ports/security/vuxml/vuln/2024.xml
<name>firefox</name>
<range><lt>129.0</lt></range>
--
<name>firefox</name>
<range><lt>129.0</lt></range>
% doas pkg audit -F
vulnxml file up-to-date
0 problem(s) in 0 installed package(s) found.

-- 
You are receiving this mail because:
You are the assignee for the bug.
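
Added example, not part of the original report and not pkg's own code: a simplified Python model of FreeBSD package version ordering, in which PORTEPOCH (the ",N" suffix) is compared before the version string, applied to the installed version and the VuXML range quoted in the report. The comparator handles numeric dotted versions only; the function names and the `129.0,2` bound are constructed for illustration.

```python
import re

def split_version(v):
    """Split 'version[_revision][,epoch]' into (epoch, version, revision)."""
    rest, _, epoch = v.partition(",")
    ver, _, rev = rest.partition("_")
    return int(epoch or 0), ver, int(rev or 0)

def version_cmp(a, b):
    """Return -1, 0 or 1; epoch is compared first, then version, then revision."""
    ea, va, ra = split_version(a)
    eb, vb, rb = split_version(b)
    # Simplification: numeric dotted components only, shorter side padded with 0.
    ca = [int(x) for x in re.findall(r"\d+", va)]
    cb = [int(x) for x in re.findall(r"\d+", vb)]
    width = max(len(ca), len(cb))
    ca += [0] * (width - len(ca))
    cb += [0] * (width - len(cb))
    ka, kb = (ea, ca, ra), (eb, cb, rb)
    return (ka > kb) - (ka < kb)

def audit(installed, entries):
    """Return (vulnerable, suspect) for <lt> ranges given as (name, bound)."""
    vulnerable, suspect = [], []
    for pkg in installed:
        name, _, version = pkg.rpartition("-")
        pkg_epoch = split_version(version)[0]
        for entry_name, bound in entries:
            if entry_name != name:
                continue
            if version_cmp(version, bound) < 0:
                vulnerable.append((pkg, bound))
            elif split_version(bound)[0] < pkg_epoch:
                # A bound with a lower epoch can never match this package.
                suspect.append((pkg, bound))
    return vulnerable, suspect

# Values taken from the report above.
INSTALLED = ["firefox-128.0.3,2"]
REPORTED = [("firefox", "129.0")]
# Constructed for illustration: the same bound carrying the package's epoch.
WITH_EPOCH = [("firefox", "129.0,2")]

if __name__ == "__main__":
    print(audit(INSTALLED, REPORTED))
    print(audit(INSTALLED, WITH_EPOCH))
```

The `suspect` list is the useful output for a VuXML reviewer: it names every range whose bound has a lower epoch than the installed package and so produces no audit hit.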