Subject : Re: daily security run output security vulnerabilities in base
From : wbe (at) *nospam* UBEBLOCK.psr.com.invalid (Winston)
Newsgroups : comp.unix.bsd.freebsd.misc
Date : 01. Jun 2025, 14:01:53
Organization : A noiseless patient Spider
Message-ID : <ydy0ub7gzi.fsf@UBEblock.psr.com>
References : 1
User-Agent : Gnus/5.13 (Gnus v5.13)

Marco Moock <mm@dorfdsl.de> writes:
> Checking for packages with security vulnerabilities:
> Database fetched: 2025-05-30T04:45+02:00
> python311-3.11.11
Yep.
> I can confirm that this is installed:
>
> [m@teufel ~]$ pkg version |grep python
> python311-3.11.11 =
> [m@teufel ~]$
I prefer "pkg query %v python311", but the result is the same.
> Although, I see no way to update that.
I, too, used to think this was strange, but that's how it works: They
don't wait until a fix is available via pkg to alert you to the
vulnerability. (I'm not sure, but maybe the fix *is* released via
ports at that time, but takes longer to appear via pkg.)
"pkg audit" gives you URLs to pages for each bug, so you can decide how
serious they are. Those pages also tell you what version you need in
order to have the fix included. That's important, because often there's
a version in the pkg repository that's more recent than the one you have,
but not late enough to include the fix, so you'd be able to upgrade, but
the upgraded version would still have the bug, so maybe it's not worth
upgrading yet.
Worst case, you can disable the service until the fixed version is
available.
> Is there anything wrong on my system or why can't I update?
... because the fix for that particular package isn't available via pkg
yet.
When "pkg rquery %v python311" says python311-3.11.11_1 or higher (in
this particular case), upgrading will fix the problem.
-WBE
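
The comparison described in the post above (what the repository offers versus the first version that contains the fix), as an added shell example that is not part of the original post. It assumes a single pkg repository; the script name and the status labels are invented here, and the fixed version is typed in by hand from the page that "pkg audit" links to.

```sh
#!/bin/sh
# Added example: would "pkg upgrade" actually clear a "pkg audit" finding?
# Usage: sh fixcheck.sh python311 3.11.11_1
# Argument 2 is the first fixed version, taken from the advisory page.

# at_least A B: true when version A >= version B, using pkg's own
# version comparison ("pkg version -t" prints <, = or >).
at_least() {
    case "$(pkg version -t "$1" "$2")" in
        "="|">") return 0 ;;
        *) return 1 ;;
    esac
}

# fix_status NAME FIXED_VERSION prints one status label:
#   fixed-installed          installed version already contains the fix
#   upgrade-fixes            repository version contains the fix
#   upgrade-still-vulnerable repository is newer, but older than the fix
#   no-upgrade-yet           repository has nothing newer than installed
fix_status() {
    name=$1
    fixed=$2
    installed=$(pkg query %v "$name" | head -n 1)
    [ -n "$installed" ] || { echo "not-installed"; return 0; }
    if at_least "$installed" "$fixed"; then
        echo "fixed-installed"; return 0
    fi
    # Assumption: one repository, so the first rquery line is the candidate.
    remote=$(pkg rquery %v "$name" | head -n 1)
    [ -n "$remote" ] || { echo "not-in-repo"; return 0; }
    if at_least "$remote" "$fixed"; then
        echo "upgrade-fixes"
    elif ! at_least "$installed" "$remote"; then
        echo "upgrade-still-vulnerable"
    else
        echo "no-upgrade-yet"
    fi
}

# Run only when called with a package name and a fixed version.
if [ "$#" -eq 2 ]; then
    fix_status "$1" "$2"
fi
```

Run "pkg update" first so that rquery sees the current repository catalogue.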