On Fri, 3 Jul 2015 07:34:21 -0700 David Wolfskill wrote
---[big snip]---
I've been bitten by this myself.
Not a big deal *unless* it's a sizable, or batched upgrade/date.
My solution FWIW is to delete /var/db/pkg/vuln.xml *prior* to
performing any sizable upgrade/date. Then performing a
pkg audi
On Fri, 3 Jul 2015, Matthew Seaman wrote:
On 2015/07/03 14:01, David Wolfskill wrote:
And that combination of things catalyzed this note.
Here's what I'm seeing:
- There is a claim that the port to which I was trying to update was
"vulnerable" per vuxml.
vuxml currently states that netpbm
On Fri, Jul 03, 2015 at 02:36:05PM +0100, Matthew Seaman wrote:
> On 2015/07/03 14:01, David Wolfskill wrote:
> ...
> vuxml currently states that netpbm versions /less than/ 10.35.96 are
> vulnerable, and has done since about 48h ago.
H
> Given that the latest available version of netpbm
On 2015/07/03 14:01, David Wolfskill wrote:
> And that combination of things catalyzed this note.
>
> Here's what I'm seeing:
> - There is a claim that the port to which I was trying to update was
> "vulnerable" per vuxml.
vuxml currently states that netpbm versions /less than/ 10.35.96 are
vul
Before I get started on something that is likely to devolve into
something a bit "rant-ish," I will take this opportunity to thank the
folks who work on things such as maintaining ports, the port- and
package-building infrastructure, and maintaining the vulnerability
database(s). (For about 3 deca
