Paul Schmehl wrote: > --On Tuesday, February 13, 2007 16:25:23 -0600 Chris > <[EMAIL PROTECTED]> wrote: > >> Bob wrote: >>> # portupgrade mozilla >>> ---> Upgrading 'mozilla-1.7.12_5,2' to >>> 'mozilla-1.7.13_2,2' (www/mozilla) >>> >>> [...] >>> >>> ===> mozilla-1.7.13_2,2 has known vulnerabilities: >>> => mozilla -- multiple vulnerabilities. >>> Reference: >>> <http://www.FreeBSD.org/ports/portaudit/e6296105-449b-11db-ba89-000c6ec7 >>> 75d9.html> => mozilla -- multiple vulnerabilities. Reference: >>> <http://www.FreeBSD.org/ports/portaudit/e2a92664-1d60-11db-88cf-000c6ec7 >>> 75d9.html> => Please update your ports tree and try again. *** Error >>> code 1 >>> >>> My ports tree IS up to date, and I have a copy of mozilla-1.7.13_2,2 >>> in /usr/ports/distfiles, but obviously there is no current fix for the >>> vulnerability(s). I would still like to upgrade Mozilla to 1.7.13_2,2. >>> Is there a way to force the upgrade despite the port-vulnerability stop? >>> >>> Bob >>> >> >> An easy fix - remove the database portaudit uses. Loog somewhere in >> /var/db .... >> >> Then rerun your portupgrade > > Yikes! That's a bit drastic. What's wrong with make > DISABLE_VULNERABILITIES install? > > Paul Schmehl ([EMAIL PROTECTED]) > Senior Information Security Analyst > The University of Texas at Dallas > http://www.utdallas.edu/ir/security/
As I mentioned in a posting (not made it here yet) that is a drastic move and the Op may have installed portaudit without understanding what it means and does. With that assumtion - I think my pending posting somewhat covers the reason as to NOT do that. -- Best regards, Chris Nothing is ever accomplished by a reasonable man. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
