Hey folks,

On a 14.4.2 LTS image, running `pkg_admin audit` after a `pkgin full-upgrade` still reports a number of vulnerable packages.

Some of the bugs reported by audit are non-trivial:

https://gist.githubusercontent.com/bdha/e11a3672d96c1a5bdd76/raw/6f39e50130866db58c9b650da13a09936a82d5d0/gistfile1.txt

Going through

https://github.com/joyent/pkgsrc/tree/joyent/release/2014Q4

it looks like some packages are getting security and reliability fixes pulled in from upstream pkgsrc, but not all?

Is there a procedure for getting security patches from upstream backported into LTS?

Am I confused (package versions unchanged? If so, leads to auditing confusion)?

(How do I work this? Where is that large automobile? This is not my beautiful house)

Cheers.

--
bdha

-------------------------------------------
smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now
