[Bug 268296] ports-mgmt/pkg: pip-audit regularly shows vulnerabilities not reported by pkg audit

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 11 Dec 2022 18:45:05 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268296

Graham Perrin <grahamperrin@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |feature, needs-qa
                URL|                            |https://www.freebsd.org/cgi
                   |                            |/man.cgi?query=pkg-audit&se
                   |                            |ktion=8&manpath=FreeBSD-Por
                   |                            |ts
             Status|New                         |Open
                 CC|                            |grahamperrin@freebsd.org

--- Comment #1 from Graham Perrin <grahamperrin@freebsd.org> ---
Brief ramble … <https://www.freshports.org/vuxml.php?package=python39> leads to
various details, including a 2022-12-07 entry. 

Rewind to <https://www.freshports.org/lang/python39/>, the skull icon – not
greyed out – indicates a vulnerability. 

<https://www.freshports.org/faq.php#vuxml>

(In reply to Phil Budne from comment #0)

> … if pkg audit could report whether or not a pkg upgrade is available 
> that fixes a reported vulnerability. …

With FreshPorts able to distinguish between current and past vulnerabilities …
yes, I wonder whether pkg-audit(8) can signal that a (reported) vulnerability
is without a (ported) fix.

-- 
You are receiving this mail because:
You are the assignee for the bug.
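The distinction the comment asks for, a reported vulnerability with a ported fix versus one without, can be derived from VuXML itself: a vulnerability has a ported fix when the installed version falls inside an affected <range> but the version now in the ports tree does not. The following is an added example, not code from pkg(8), FreshPorts or the bug's participants. The VuXML fragment is constructed (the vids, topics and version numbers are invented, modelled on the real schema and its lt/le/gt/ge/eq range elements), and the version comparison is a deliberate simplification of pkg-version(8) that only handles dotted numeric components, a _revision suffix and a ,epoch suffix.

```python
import xml.etree.ElementTree as ET

# Constructed VuXML fragment for illustration; vids, topics and ranges
# are invented and do not correspond to any real entry.
SAMPLE_VUXML = """<?xml version="1.0" encoding="utf-8"?>
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="00000000-0000-0000-0000-000000000001">
    <topic>example -- hypothetical issue fixed in 3.9.16</topic>
    <affects>
      <package>
        <name>python39</name>
        <range><lt>3.9.16</lt></range>
      </package>
    </affects>
  </vuln>
  <vuln vid="00000000-0000-0000-0000-000000000002">
    <topic>example -- hypothetical issue with no ported fix</topic>
    <affects>
      <package>
        <name>python39</name>
        <range><ge>3.9.0</ge></range>
      </package>
    </affects>
  </vuln>
</vuxml>
"""

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}


def parse_version(v):
    # Simplified port-version parsing (assumption: dotted numbers, an
    # optional _revision, an optional ,epoch).  Real pkg(8) comparison
    # handles more forms; this is enough for the demonstration.
    base, _, epoch = v.partition(",")
    base, _, revision = base.partition("_")
    parts = [int(x) if x.isdigit() else 0 for x in base.split(".")]
    return int(epoch or 0), parts, int(revision or 0)


def cmp_versions(a, b):
    # Returns -1, 0 or 1 like pkg-version(8) would for simple versions.
    ea, pa, ra = parse_version(a)
    eb, pb, rb = parse_version(b)
    n = max(len(pa), len(pb))
    pa = pa + [0] * (n - len(pa))
    pb = pb + [0] * (n - len(pb))
    ka, kb = (ea, pa, ra), (eb, pb, rb)
    return (ka > kb) - (ka < kb)


# VuXML bound elements and the comparison result they accept.
OPS = {
    "lt": lambda c: c < 0,
    "le": lambda c: c <= 0,
    "gt": lambda c: c > 0,
    "ge": lambda c: c >= 0,
    "eq": lambda c: c == 0,
}


def in_range(version, range_el):
    # A <range> matches when every bound inside it holds (e.g. ge + lt).
    return all(
        OPS[bound.tag.split("}")[1]](cmp_versions(version, bound.text.strip()))
        for bound in range_el
    )


def affected(vuxml_text, pkgname, version):
    # All (vid, topic) entries whose ranges cover this package version.
    root = ET.fromstring(vuxml_text)
    hits = []
    for vuln in root.findall("v:vuln", NS):
        for pkg in vuln.findall("v:affects/v:package", NS):
            if pkg.findtext("v:name", namespaces=NS) != pkgname:
                continue
            if any(in_range(version, r) for r in pkg.findall("v:range", NS)):
                hits.append((vuln.get("vid"),
                             vuln.findtext("v:topic", namespaces=NS)))
    return hits


def audit(vuxml_text, pkgname, installed, ports_version):
    """Like a pkg audit that also says whether a ported fix exists.

    Each entry affecting the installed version is labelled 'fix available'
    when the current ports-tree version is outside the affected ranges,
    and 'no ported fix' when the ports version is still inside them.
    """
    installed_hits = affected(vuxml_text, pkgname, installed)
    still_open = {vid for vid, _ in affected(vuxml_text, pkgname, ports_version)}
    return [
        (vid, topic, "no ported fix" if vid in still_open else "fix available")
        for vid, topic in installed_hits
    ]


if __name__ == "__main__":
    for vid, topic, status in audit(SAMPLE_VUXML, "python39", "3.9.15", "3.9.16"):
        print(f"python39-3.9.15 is vulnerable: {topic} ({vid}) -- {status}")
```

The "ports version" argument is what a real implementation would take from the ports tree or a remote repository catalogue; comparing it against the same VuXML ranges is what lets the report separate "upgrade available" from "still unfixed upstream of the ports tree", which is the signal the comment is asking for.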