Pkg audit package not identified as vulnerable
Baptiste Daroussin
bapt at FreeBSD.org
Mon Sep 7 09:15:41 UTC 2015
On Mon, Sep 07, 2015 at 09:59:15AM +0200, Marko Turk wrote:
> Hi,
>
> I have both gstreamer1-libav and ffmpeg installed. Both are vulnerable
> (according to vuxml.freebsd.org) but pkg audit prints one package
> two times. Additionally, pkg audit -v prints only one package as
> vulnerable.
>
> Is this intended behavior?
>
> BR,
> Marko
>
> root@shkatula:~ # pkg audit
> gstreamer1-libav-1.4.5 is vulnerable:
> ffmpeg -- use after free
> CVE: CVE-2015-3417
> WWW: https://vuxml.FreeBSD.org/freebsd/da434a78-e342-4d9a-87e2-7497e5f117ba.html
>
> gstreamer1-libav-1.4.5 is vulnerable:
> ffmpeg -- out-of-bounds array access
> CVE: CVE-2015-3395
> WWW: https://vuxml.FreeBSD.org/freebsd/80c66af0-d1c5-449e-bd31-63b12525ff88.html
>
> 1 problem(s) in the installed packages found.
>
> root@shkatula:~ # pkg audit -q
> gstreamer1-libav-1.4.5
> root@shkatula:~ #

Which version of ffmpeg do you have installed?

Best regards,
Bapt