https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291765
--- Comment #10 from [email protected] ---
(In reply to Colin Percival from comment #9)
> FreeBSD Update deliberately avoids shipping new kernels when the only thing
> which has changed is the version number

This is a clever design! I remember noticing multiple times over the years (most recently after updating to 14.3-p6) that the kernel version stayed behind the userland version, and I incorrectly assumed that the reason for that was that since there were no kernel changes, a new kernel hadn’t been built. Thanks to you I now know that a kernel with the new version does exist every patch release, but it doesn’t ship through FreeBSD Update.

> Sounds to me like everything is as it should be?

It appears that in the vulnerability database, the recent ipfw vulnerability was attributed to FreeBSD-kernel-14.3_5. This led me (and perhaps other folks) relying on `/usr/local/etc/periodic/security/410.pkg-audit` (provided by `pkg`) to believe that the system remained vulnerable. I wonder if the ipfw vulnerability should not have been attributed to FreeBSD-kernel-14.3_5.
