Date: Mon, 13 Dec 2010 01:12:00 +0100 From: Thomas Steen Rasmussen <thomas@gibfest.dk> To: freebsd-ports@freebsd.org Subject: Re: Security updates for packages? Message-ID: <4D0564D0.8080406@gibfest.dk> In-Reply-To: <4D0559E5.4030409@FreeBSD.org> References: <AANLkTi=3C7GtzZZU8oOEeiXH_R_1CETN6tsvmTgTgvR%2B@mail.gmail.com> <4D0559E5.4030409@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 13.12.2010 00:25, Doug Barton wrote: > On 12/12/2010 12:28, Kevin Kreamer wrote: >> Hi, >> >> Having not used FreeBSD for several years, I did a fresh install >> yesterday >> of 8.1-RELEASE, and then used pkg_add -r to install several packages. I >> then came across portaudit, ran it, and it indicated that I had three >> vulnerable packages (git, ruby, and sudo). Looking at >> http://www.vuxml.org/freebsd/, it appears that these were reported in >> July, >> August, and September respectively. > > How did you install the package? > > He said he installed it using pkg_add -r, which will have pulled the package from the 8.1-RELEASE repository which is quite old by now. Kevin: You can set PACKAGESITE environment variable to a different path, to get packages that are more up to date: PACKAGESITE=ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest pkg_add -r something Hope this helps, Thomas Steen Rasmussen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D0564D0.8080406>