That leaves just unpackaged base as FreeBSD's remaining audit weakness.
Hi, I am happy that I can reduce your worry factor a bit ;-)
Can you share what the audit weakness is? freebsd-update cron checks
whether or not an update is available and then emails you. If you run
-RELEASE, then that
> On 14 Aug 2017, at 05:32, Roger Marquis wrote:
>
>> I do not think that holds:
>>
>>
>> 17521 php -- multiple vulnerabilities
>> 17522
>> 17523
>> 17524 php55
>> 17525 5.5.38
>> 17526
>>
>>
I do not think that holds:
17521 php -- multiple vulnerabilities
17522
17523
17524 php55
17525 5.5.38
17526
This is an entry from svnweb, for php55, which was added in 2016(07-26).
So this entry is there. Thus it did not disappear from VuXML
> On 12 Aug 2017, at 02:37, Roger Marquis wrote:
>
> On Fri, 11 Aug 2017, Remko Lodder wrote:
>
>> If an entry is removed from the ports/pkg tree's and it is also removed
>> from VuXML, then yes, it will no longer get marked in your local
>> installation. That's a bit of a
On Fri, 11 Aug 2017, Remko Lodder wrote:
If an entry is removed from the ports/pkg tree's and it is also removed
from VuXML, then yes, it will no longer get marked in your local
installation. That's a bit of a chicken and egg basically. Although I do
not recall that it ever happened that ports
> On 11 Aug 2017, at 23:47, Roger Marquis wrote:
>
>> It had been resolved for dovecot (it will now match both variants, since
>> people might still have
>> the old variant of the port installed) and there is a new paragraph added to
>> the porters handbook
>> which tells
It had been resolved for dovecot (it will now match both variants, since people
might still have
the old variant of the port installed) and there is a new paragraph added to
the porters handbook
which tells that we need to have a look at the vuxml entries.
Thanks Remko.
Hope this solves
Hi Roger,
> On 11 Aug 2017, at 17:14, Remko Lodder wrote:
>
> Hi Roger,
>
>> On 11 Aug 2017, at 04:41, Roger Marquis wrote:
>>
>> In the past pkg-audit and even pkg-version have not been reliable tools
>> where installed ports or packages have been
Hi Roger,
> On 11 Aug 2017, at 04:41, Roger Marquis wrote:
>
> In the past pkg-audit and even pkg-version have not been reliable tools
> where installed ports or packages have been subsequently discontinued or
> renamed. Today, however, I notice that dovecot2 is still
In the past pkg-audit and even pkg-version have not been reliable tools
where installed ports or packages have been subsequently discontinued or
renamed. Today, however, I notice that dovecot2 is still showing up in
the output of pkg-version despite the port having been renamed to
dovecot
On Tue, Aug 16, 2016, at 11:41, Roger Marquis wrote:
>
> There's also an issue with older versions (perl 5.1*) no longer showing
> up in the vuln.xml at all. I've seen perl, php and other critical
> network components still in use because the site depended on 'pkg audit'
> but did not know
On 16 Aug 2016, JosC wrote:
In the absence of running 'pkg audit -F', only
the "LOCALBASE/periodic/security/410.pkg-audit script updates the vuxml
file and audit results. Until that happens, or pkg audit -F is run, pkg
will still see an older version.
Thinking with you I now ask myself:
- Would