Re: pkg audit false negatives

2017-08-14 Thread Roger Marquis
That leaves just unpackaged base as FreeBSD's remaining audit weakness. Hi, I am happy that I can reduce your worry factor a bit ;-) Can you share what the audit weakness is? freebsd-update cron checks whether or not an update is available and then emails you. If you run -RELEASE, then that mea

Re: pkg audit false negatives

2017-08-14 Thread Remko Lodder
> On 14 Aug 2017, at 05:32, Roger Marquis wrote: > >> I do not think that holds: >> >> >> 17521 php -- multiple vulnerabilities >> 17522 >> 17523 >> 17524 php55 >> 17525 5.5.38 >> 17526 >> >> This is an entry fro

Re: pkg audit false negatives

2017-08-13 Thread Roger Marquis
I do not think that holds: 17521 php -- multiple vulnerabilities 17522 17523 17524 php55 17525 5.5.38 17526 This is an entry from svnweb, for php55, which was added in 2016(07-26). So this entry is there. Thus it did not disappear from VuXML a

Re: pkg audit false negatives

2017-08-12 Thread Remko Lodder
> On 12 Aug 2017, at 02:37, Roger Marquis wrote: > > On Fri, 11 Aug 2017, Remko Lodder wrote: > >> If an entry is removed from the ports/pkg tree's and it is also removed >> from VuXML, then yes, it will no longer get marked in your local >> installation. That's a bit of a chicken and egg basic

Re: pkg audit false negatives

2017-08-11 Thread Roger Marquis
On Fri, 11 Aug 2017, Remko Lodder wrote: If an entry is removed from the ports/pkg tree's and it is also removed from VuXML, then yes, it will no longer get marked in your local installation. That's a bit of a chicken and egg basically. Although I do not recall that it ever happened that ports t

Re: pkg audit false negatives

2017-08-11 Thread Remko Lodder
> On 11 Aug 2017, at 23:47, Roger Marquis wrote: > >> It had been resolved for dovecot (it will now match both variants, since >> people might still have >> the old variant of the port installed) and there is a new paragraph added to >> the porters handbook >> which tells that we need to have

Re: pkg audit false negatives

2017-08-11 Thread Roger Marquis
It had been resolved for dovecot (it will now match both variants, since people might still have the old variant of the port installed) and there is a new paragraph added to the porters handbook which tells that we need to have a look at the vuxml entries. Thanks Remko. Hope this solves your

Re: pkg audit false negatives

2017-08-11 Thread Remko Lodder
Hi Roger, > On 11 Aug 2017, at 17:14, Remko Lodder wrote: > > Hi Roger, > >> On 11 Aug 2017, at 04:41, Roger Marquis wrote: >> >> In the past pkg-audit and even pkg-version have not been reliable tools >> where installed ports or packages have been subsequently discontinued or >> renamed. T

Re: pkg audit false negatives

2017-08-11 Thread Remko Lodder
Hi Roger, > On 11 Aug 2017, at 04:41, Roger Marquis wrote: > > In the past pkg-audit and even pkg-version have not been reliable tools > where installed ports or packages have been subsequently discontinued or > renamed. Today, however, I notice that dovecot2 is still showing up in > the output

Re: pkg audit false negatives (was: Perl upgrade - 5.20.x vulnerable)

2016-08-18 Thread Mark Felder
On Tue, Aug 16, 2016, at 11:41, Roger Marquis wrote: > > There's also an issue with older versions (perl 5.1*) no longer showing > up in the vuln.xml at all. I've seen perl, php and other critical > network components still in use because the site depended on 'pkg audit' > but did not know that