Due to a vulnerability issue earlier with a port, I received some kind emails about using the command below to update the VuXML DB (which is not a part of the ports tree).

I did so on my server and got the following output:

--- cut ---

> pkg audit -F
vulnxml file up-to-date
tiff-4.0.7_1 is vulnerable:
tiff -- multiple vulnerabilities
CVE: CVE-2017-7602
CVE: CVE-2017-7601
CVE: CVE-2017-7600
CVE: CVE-2017-7599
CVE: CVE-2017-7598
CVE: CVE-2017-7597
CVE: CVE-2017-7596
CVE: CVE-2017-7595
CVE: CVE-2017-7594
CVE: CVE-2017-7593
CVE: CVE-2017-7592
CVE: CVE-2017-5225
WWW: https://vuxml.FreeBSD.org/freebsd/2a96e498-3234-4950-a9ad-419bc84a839d.html

1 problem(s) in the installed packages found.

--- cut ---

What is the next procedure to follow: should I inform the port maintainer of the reported port (ports are a user group effort), or should I update this port with "DISABLE_VULNERABILITIES=yes"?

Happy to contribute,
Jos Chrispijn

_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports