From nobody Fri Nov 15 17:56:19 2024
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Xql7m1d1Rz5dPrq
	for <bugs@mlmmj.nyi.freebsd.org>; Fri, 15 Nov 2024 17:56:20 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Xql7l5lbpz4RcM
	for <bugs@FreeBSD.org>; Fri, 15 Nov 2024 17:56:19 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1731693379;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=J9Nt/Q6Yc3Uy0Tgixw2XzHU/tUQVMw4CX/XZAA0to7c=;
	b=e9MPDFUucMF7JfpbddKSzCYFpbp/EThgFbWJYgY/BznG90EvZxaa4vU4H9rHwZTUm8fOk5
	KyJzOTQwJZ3VqAFXKE2+llsw+xmzfO/s3yCWDxp28CFE+7CgvuGVbNwi/THodeXSlRJKHt
	9GjXuIwX74oBukt8vjmhJrdp/CZfyoa78ik1nVVFOpp7nplYM/xwejJjhuubbVAu0ofaVV
	mawnUzmB9bvXB3dLzDFo+FEexWyLXCT7c3Tj9rCgI63nyIAyfeO01PHsoO6na0+1fAZOST
	+GlZlc2+ad0lnRLPW/TXLTTfrMI2jHO9IRGnC9aqKRaqxxfpU4Jj/SEVZyfiQQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1731693379; a=rsa-sha256; cv=none;
	b=DGNt4nn6zXiB0NgH4rhdnvmyFnnnX+VlKwN7+odcEeVNmWznYLPyDMNFMmMmZTbuCp0s6C
	3HsD5wBNN29Kp/bpQRt5n9M+HJthuhhT+2Q4wQDdsGdD3z5aO+ALHMQaTDDDgiEGV+S2Lx
	jqhFzOLQY4xFM8s4tkRg6tFKtgzkCSArQbxiKFYJJf3qWuISUryP1cQs7KgcjAlq1ncerD
	FHYv7M77S8dYYISNXQvsH8ksrkOnAcufgYF1Yml+2Cju9AgW1MbCI/K6T0QvYPoke0CcWW
	FvX2NaXknAZ096qFyrjyFPfNt+rA4Fz9oUzE06hnlHD1WsMYYDp1NNmP5O9z/Q==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Xql7l5MNvzYHw
	for <bugs@FreeBSD.org>; Fri, 15 Nov 2024 17:56:19 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 4AFHuJHB079598
	for <bugs@FreeBSD.org>; Fri, 15 Nov 2024 17:56:19 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 4AFHuJ4w079597
	for bugs@FreeBSD.org; Fri, 15 Nov 2024 17:56:19 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 282755] `pkg audit` reports kernel vulnerability that was
 'fixed' in a userland update?
Date: Fri, 15 Nov 2024 17:56:19 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: bin
X-Bugzilla-Version: 14.1-STABLE
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: philip@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: secteam@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: cc bug_status assigned_to
Message-ID: <bug-282755-227-wOPXJhF17S@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-282755-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-282755-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282755

Philip Paeps <philip@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |philip@FreeBSD.org
             Status|New                         |Open
           Assignee|bugs@FreeBSD.org            |secteam@FreeBSD.org

--- Comment #2 from Philip Paeps <philip@FreeBSD.org> ---
This has happened a few times before, most recently in December last year.

For context:

The freebsd-update build process only rebuilds the kernel when the fixed
vulnerability is in the kernel binary.  If the vulnerability is in a module,
only that module is rebuilt.  In that case, the kernel version string repor=
ted
by `uname -r` doesn't change.

There is no good way to model this in vuxml.

--=20
You are receiving this mail because:
You are the assignee for the bug.=