From nobody Sat Mar 25 12:18:48 2023 X-Original-To: ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PkJ5s60fGz416Jr for ; Sat, 25 Mar 2023 12:18:57 +0000 (UTC) (envelope-from lumiwa@dismail.de) Received: from mx2.dismail.de (mx2.dismail.de [159.69.191.136]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PkJ5r5KGSz3nht for ; Sat, 25 Mar 2023 12:18:56 +0000 (UTC) (envelope-from lumiwa@dismail.de) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=dismail.de header.s=20190914 header.b=HG4knA7R; spf=pass (mx1.freebsd.org: domain of lumiwa@dismail.de designates 159.69.191.136 as permitted sender) smtp.mailfrom=lumiwa@dismail.de; dmarc=pass (policy=reject) header.from=dismail.de Received: from mx2.dismail.de (localhost [127.0.0.1]) by mx2.dismail.de (OpenSMTPD) with ESMTP id 8ecdf397 for ; Sat, 25 Mar 2023 13:18:54 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=dismail.de; h=date:from :to:subject:message-id:mime-version:content-type :content-transfer-encoding; s=20190914; bh=HxV9Qp/cPYjD0qUK2Bxn8 x1ubkM02yd1hNqy8Gzf2Jk=; b=HG4knA7RKyJMfQ91n9haj+f+oiBghDzmLVydT gA70TuyOG+S2PlGWnx9lAXjJm42QZgcJJyY7dZA5t8gshkB9vkJRZ10gPe45HnUq 2uh6Q5gM+L3aaevlmwua2Pvyq+IH2Ud3bMo2z0lC/hdNHhfC+4Lq1Kc8cGaDaaHw ThRf84nMmLTyeUrtLjQ5HvnXVaIkQwbrc9RwvLHfUESpT4C2tv8mAw9l2KgVwx1d ZoU9EpHwelArQuqcwtHH3pmlvp8wO8DM6fWaoaRORJq0wxf/F91Mrt7+hRC2j0gp L2k8af8TgQRIR4B8Xl472f0psYX/mwnuBrjxy5kbdzaLzcVEA== Received: from smtp1.dismail.de ( [10.240.26.11]) by mx2.dismail.de (OpenSMTPD) with ESMTP id eff888ac for ; Sat, 25 Mar 2023 13:18:54 +0100 (CET) Received: from smtp1.dismail.de (localhost [127.0.0.1]) by smtp1.dismail.de (OpenSMTPD) with ESMTP id 0ec917d2 for ; Sat, 25 Mar 2023 13:18:53 +0100 (CET) Received: by dismail.de (OpenSMTPD) with ESMTPSA id 4e95c990 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for ; Sat, 25 Mar 2023 13:18:53 +0100 (CET) Date: Sat, 25 Mar 2023 08:18:48 -0400 From: LuMiWa To: FreeBSD Ports Subject: pkg audit Message-ID: <20230325081848.168fa1be@dismail.de> X-Mailer: Claws Mail 3.19.0 (GTK+ 2.24.33; amd64-portbld-freebsd13.1) List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-5.35 / 15.00]; DWL_DNSWL_LOW(-1.00)[dismail.de:dkim]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.65)[-0.651]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; DMARC_POLICY_ALLOW(-0.50)[dismail.de,reject]; R_SPF_ALLOW(-0.20)[+ip4:159.69.191.136]; RCVD_IN_DNSWL_MED(-0.20)[159.69.191.136:from]; R_DKIM_ALLOW(-0.20)[dismail.de:s=20190914]; MIME_GOOD(-0.10)[text/plain]; DKIM_TRACE(0.00)[dismail.de:+]; MLMMJ_DEST(0.00)[ports@freebsd.org]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; ASN(0.00)[asn:24940, ipnet:159.69.0.0/16, country:DE]; RCVD_COUNT_FIVE(0.00)[5]; ARC_NA(0.00)[]; TO_DN_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[ports@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4PkJ5r5KGSz3nht X-Spamd-Bar: ----- X-ThisMailContainsUnwantedMimeParts: N Hi! I did run pkg audit -F today and my question is if is still safe to use Internet with all of this vulnerabilities, please? Thank you. pkg audit -F vulnxml file up-to-date libXpm-3.5.13 is vulnerable: libXpm -- Issues handling XPM files CVE: CVE-2022-4883 CVE: CVE-2022-44617 CVE: CVE-2022-46285 WWW: https://vuxml.FreeBSD.org/freebsd/38f213b6-8f3d-4067-91ef-bf14de7ba518.html xorg-server-21.1.4_1,1 is vulnerable: xorg-server -- Security issue in the X server CVE: CVE-2023-0494 WWW: https://vuxml.FreeBSD.org/freebsd/6cc63bf5-a727-4155-8ec4-68b626475e68.html xorg-server -- Multiple security issues in X server extensions CVE: CVE-2022-4283 CVE: CVE-2022-46344 CVE: CVE-2022-46343 CVE: CVE-2022-46342 CVE: CVE-2022-46341 CVE: CVE-2022-46340 WWW: https://vuxml.FreeBSD.org/freebsd/9fa7b139-c1e9-409e-bed0-006aadcf5845.ht= ml curl-7.88.1 is vulnerable: curl -- multiple vulnerabilities CVE: CVE-2023-27538 CVE: CVE-2023-27537 CVE: CVE-2023-27536 CVE: CVE-2023-27535 CVE: CVE-2023-27534 CVE: CVE-2023-27533 WWW: https://vuxml.FreeBSD.org/freebsd/0d7d104c-c6fb-11ed-8a4b-080027f5fec9.html 4 problem(s) in 3 installed package(s) found. --=20 =E2=80=9CIf you have reasons to love someone, you don=E2=80=99t love them.= =E2=80=9D =E2=80=95 Slavoj =C5=BDi=C5=BEek=20