[Bug 282755] `pkg audit` reports kernel vulnerability that was 'fixed' in a userland update?

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 282755] `pkg audit` reports kernel vulnerability that was 'fixed' in a userland update?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 15 Nov 2024 17:56:19 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282755

Philip Paeps <philip@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |philip@FreeBSD.org
             Status|New                         |Open
           Assignee|bugs@FreeBSD.org            |secteam@FreeBSD.org

--- Comment #2 from Philip Paeps <philip@FreeBSD.org> ---
This has happened a few times before, most recently in December last year.

For context:

The freebsd-update build process only rebuilds the kernel when the fixed
vulnerability is in the kernel binary.  If the vulnerability is in a module,
only that module is rebuilt.  In that case, the kernel version string reported
by `uname -r` doesn't change.

There is no good way to model this in vuxml.

-- 
You are receiving this mail because:
You are the assignee for the bug.