Hi!

> Due to a vulnerability issue earlier with a port, I received some kind
> emails of using the command below to update the VuXML DB (which is not a
> part of the ports tree).
>
> I did so on my server and got the following output:
>
> --- cut ---
>
> > pkg audit -F
> vulnxml file up-to-date
> tiff-4.0.7_1 is vulnerable:
> tiff -- multiple vulnerabilities
> CVE: CVE-2017-7602

[...]
> What is the next procedure to follow; should I inform the port
> maintainer of the reported port

portmgr knows about this, but there's no solution right now.

> ((ports are a user group effort) ) or
> should I update this port with "DISABLE_VULNERABILITIES=yes" ?

There are ports that depend on tiff, and maybe you are using one of them.
If you do not need those other ports, remove tiff.
Otherwise: this (DISABLE_VULNERABILITIES) is, while not perfect,
the next step.

--
p...@opsec.eu +49 171 3101372 3 years to go !
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
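
Added example (not part of the original message): a POSIX sh helper that reduces `pkg audit` output to one line per vulnerable package and, on a FreeBSD host, lists the installed packages that require it, which is the check the reply suggests before choosing between removing tiff and building with DISABLE_VULNERABILITIES. The function names `parse_audit` and `triage` and the embedded sample text are assumptions made for this example.

```shell
#!/bin/sh
# Added example: triage `pkg audit` output before deciding what to do
# with a vulnerable port. Function names are hypothetical.

# Constructed sample, copied from the output format quoted in the thread.
SAMPLE_AUDIT='vulnxml file up-to-date
tiff-4.0.7_1 is vulnerable:
tiff -- multiple vulnerabilities
CVE: CVE-2017-7602'

# Read `pkg audit` output on stdin and print one line per vulnerable
# package: "<name-version><TAB><comma-separated CVE ids>".
# Handles both indented and unindented detail lines, and packages
# for which no CVE line is listed (second field is then empty).
parse_audit() {
    awk '
        function emit() { if (pkg != "") printf "%s\t%s\n", pkg, cves }
        / is vulnerable:$/ {
            # A new header starts a new record unless it repeats the same package.
            if ($1 != pkg) { emit(); pkg = $1; cves = "" }
            next
        }
        $1 == "CVE:" && pkg != "" { cves = (cves == "" ? $2 : cves "," $2) }
        END { emit() }
    '
}

# For each vulnerable package on stdin, show which installed packages
# require it. `pkg info -r` is only called when pkg(8) is available.
triage() {
    parse_audit | while IFS="$(printf '\t')" read -r pkg cves; do
        echo "== $pkg (${cves:-no CVE listed})"
        if command -v pkg >/dev/null 2>&1; then
            # Empty output means nothing installed depends on it.
            pkg info -r "$pkg"
        fi
    done
}

# Demo on the constructed sample; on a real host use: pkg audit -F | triage
printf '%s\n' "$SAMPLE_AUDIT" | parse_audit
```

If `pkg info -r` prints no dependent packages, the vulnerable package can be removed; otherwise the dependents are what would be built against it with DISABLE_VULNERABILITIES=yes.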