Date: Fri, 2 Oct 2015 21:58:06 -1000 From: parv@pair.com To: f-q <freebsd-questions@freebsd.org> Subject: Re: Working of "pkg audit <package name>" Message-ID: <20151003075806.GA50546@holstein.holy.cow> In-Reply-To: <20151003074210.GA50460@holstein.holy.cow> References: <20151003074210.GA50460@holstein.holy.cow>
next in thread | previous in thread | raw e-mail | index | archive | help
Correction ... in message <20151003074210.GA50460@holstein.holy.cow>, wrote parv@p thusly... > ... > Firefox 39 or 40 had been installed from ports. I got tired of > seeing package being vulnerable on every ports tree update process > that rebuilds "security/vuxml". As the "www/firefox" port has not > been updated yet, so I fetched source of firefox 41.0.1; updated > distinfo; installed (after rebuilding databases/sqlite3 with DBSTAT > option & moving out "files/patch-bug702179" out of "files"). ... > At least the installed firefox is not vulnerable any more (yet). Apparently per pkg-version # pkg version -t 41.0.1 41.0,1 < ... & ... https://vuxml.freebsd.org/freebsd/2d56c7f4-b354-428f-8f48-38150c607a05.html ... 41.0.1 is still vulnerable. But according to ... https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ ... there are no outstaning vulnerabilities. Now I am confused. --
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20151003075806.GA50546>