after updating openssl on my system for the 2015-006 security advisory, the version is 1.0.2a. now i am getting insecurity emails for that version but i can't update it... isn't this the right procedure (below)?
# cd /usr/pkgsrc/security/openssl # cvs update -dP cvs update: Updating . cvs update: Updating files cvs update: Updating patches cvs update: Updating pkg # make update ===> Checking for vulnerabilities in openssl-1.0.2a Package openssl-1.0.2a has a multiple-vulnerabilities vulnerability, see http://www.securityfocus.com/archive/1/535303 ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URL in pkg_install.conf(5) if this package is absolutely essential. *** Error code 1 Stop. make: stopped in /usr/pkgsrc/security/openssl *** Error code 1 Stop. make: stopped in /usr/pkgsrc/security/openssl #
