Date: Sat, 6 May 2017 10:43:37 +0200 From: Jos Chrispijn <bsdports@cloudzeeland.nl> To: FreeBSD Ports ML <freebsd-ports@freebsd.org> Subject: Keeping VuXML DB updated Message-ID: <eca71989-859a-08fa-afd2-459e5325bde5@cloudzeeland.nl>
next in thread | raw e-mail | index | archive | help
Due to a vulnerability issue earlier with a port, I received some kind emails of using the command below to update the VuXML DB (which is not a part of the ports tree). I did so on my server and got the following output: --- cut --- > pkg audit -F vulnxml file up-to-date tiff-4.0.7_1 is vulnerable: tiff -- multiple vulnerabilities CVE: CVE-2017-7602 CVE: CVE-2017-7601 CVE: CVE-2017-7600 CVE: CVE-2017-7599 CVE: CVE-2017-7598 CVE: CVE-2017-7597 CVE: CVE-2017-7596 CVE: CVE-2017-7595 CVE: CVE-2017-7594 CVE: CVE-2017-7593 CVE: CVE-2017-7592 CVE: CVE-2017-5225 WWW: https://vuxml.FreeBSD.org/freebsd/2a96e498-3234-4950-a9ad-419bc84a839d.html 1 problem(s) in the installed packages found. --- cut --- What is the next procedure to follow; should I inform the port maintainer of the reported port ((ports are a user group effort) ) or should I update this port with "DISABLE_VULNERABILITIES=yes" ? Happy to contribute, Jos Chrispijn
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?eca71989-859a-08fa-afd2-459e5325bde5>