Date: Mon, 16 Feb 2015 22:12:01 +0000 (UTC) From: John Goerzen <jgoerzen@complete.org> To: freebsd-questions@freebsd.org Subject: pkg audit finds updates, but pkg upgrade doesn't Message-ID: <loom.20150216T230822-352@post.gmane.org>
next in thread | raw e-mail | index | archive | help
Hello, So this is a bit of an odd one. Is this a bug, or am I missing something? So I ran pkg audit today, and got this: root@freebsd-laptop:~ # pkg audit -F pkg: vulnxml file up-to-date xorg-server-1.14.7_1,1 is vulnerable: xorg-server -- Information leak in the XkbSetGeometry request of X servers. CVE: CVE-2015-0255 WWW: http://vuxml.FreeBSD.org/freebsd/54a69cf7-b2ef-11e4-b1f1-bcaec565249c.html 1 problem(s) in the installed packages found. OK, so far so good, right? I need a new xorg-server. But: root@freebsd-laptop:~ # pkg update Updating FreeBSD repository catalogue... FreeBSD repository is up-to-date. All repositories are up-to-date. root@freebsd-laptop:~ # pkg upgrade Updating FreeBSD repository catalogue... FreeBSD repository is up-to-date. All repositories are up-to-date. Checking for upgrades (1 candidates): 100% Processing candidates (1 candidates): 100% Checking integrity... done (0 conflicting) Your packages are up to date. Hmm. I can repeat these commands as often as I like, and still I get the same thing: xorg-server is vulnerable, but my packages are up-to-date. That issue has been in FreeBSD's vulnerability database for almost a week, so presumably I'm not just seeing mirror lag or something here. Any ideas? Thanks, John
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?loom.20150216T230822-352>