Date: Sat, 6 May 2017 11:32:13 +0200
From: Kurt Jaeger <lists@opsec.eu>
To: Jos Chrispijn <bsdports@cloudzeeland.nl>
Cc: FreeBSD Ports ML <freebsd-ports@freebsd.org>
Subject: Re: Keeping VuXML DB updated
Message-ID: <20170506093213.GE87900@home.opsec.eu>
In-Reply-To: <eca71989-859a-08fa-afd2-459e5325bde5@cloudzeeland.nl>
References: <eca71989-859a-08fa-afd2-459e5325bde5@cloudzeeland.nl>

Hi!

> Due to a vulnerability issue earlier with a port, I received some kind
> emails of using the command below to update the VuXML DB (which is not a
> part of the ports tree).
>
> I did so on my server and got the following output:
>
> --- cut ---
>
> > pkg audit -F
> vulnxml file up-to-date
> tiff-4.0.7_1 is vulnerable:
> tiff -- multiple vulnerabilities
> CVE: CVE-2017-7602
[...]

> What is the next procedure to follow; should I inform the port
> maintainer of the reported port

portmgr knows about this, but there's no solution right now.

> ((ports are a user group effort) ) or
> should I update this port with "DISABLE_VULNERABILITIES=yes" ?

There are ports that depend on tiff, and maybe you are using one of them.

If you do not need those other ports, remove tiff. Otherwise:
this (DISABLE_VULNERABILITIES) is, while not perfect, the next step.

-- 
pi@opsec.eu            +49 171 3101372                         3 years to go !
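
The triage described in the reply above (remove the vulnerable package if nothing you need depends on it, otherwise keep it), as an added example that is not part of the original message. It assumes `pkg audit` prints `<name-version> is vulnerable:` headers as quoted in the thread and uses `pkg query %rn` to list installed reverse dependencies; `examplepkg` and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage `pkg audit` hits by installed reverse dependencies.

# Constructed sample: the lines quoted in the message, plus one made-up
# package (examplepkg) so the parser sees more than one hit.
SAMPLE_AUDIT='vulnxml file up-to-date
tiff-4.0.7_1 is vulnerable:
tiff -- multiple vulnerabilities
CVE: CVE-2017-7602

examplepkg-1.0 is vulnerable:
examplepkg -- constructed entry
'

# stdin: `pkg audit` output. stdout: one vulnerable name-version per line.
vulnerable_pkgs() {
    sed -n 's/^\([^[:space:]]*\) is vulnerable:.*$/\1/p' | sort -u
}

# name-version -> name (the version is everything after the last hyphen).
pkg_name() {
    printf '%s\n' "${1%-*}"
}

# Installed packages that require $1, one per line (empty if none).
rdeps_of() {
    pkg query %rn "$1" 2>/dev/null || true
}

# stdin: name-version lines. stdout: one verdict per package.
triage() {
    while read -r p; do
        r=$(rdeps_of "$(pkg_name "$p")" | sort -u | tr '\n' ' ')
        if [ -n "$r" ]; then
            echo "$p: required by ${r% }; keep it and watch for a fixed port"
        else
            echo "$p: nothing installed requires it; candidate for removal"
        fi
    done
}

if command -v pkg >/dev/null 2>&1; then
    pkg audit -F | vulnerable_pkgs | triage        # live system
else
    printf '%s' "$SAMPLE_AUDIT" | vulnerable_pkgs  # no pkg here: parse only
fi
```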