pkg audit disagrees with pkg upgrade ???
edflecko .
edflecko at gmail.com
Wed May 7 15:17:48 UTC 2014
Cool! Thank you Lowell.
:-)
Ed
On Wed, May 7, 2014 at 8:06 AM, Lowell Gilbert <
freebsd-questions-local at be-well.ilk.org> wrote:
> Don't top-post, please.
>
> "edflecko ." <edflecko at gmail.com> writes:
>
> > On Wed, May 7, 2014 at 12:21 AM, Arthur Chance <freebsd at qeng-ho.org>
> wrote:
> >
> >> On 06/05/2014 21:27, edflecko . wrote:
> >>
> >>> I'm checking to see if I need to upgrade any installed packages. pkg
> audit
> >>> -F says I have three vulnerabilities, but when I run pkg upgrade -y, it
> >>> thinks everything is O.K. (see below)
> >>>
> >>> Why the discrepancy? Which one should I believe?
> >>>
> >>
> >> Apples and oranges. Just because a port has a vulnerability doesn't
> >> necessarily mean there's a newer version available yet.
>
> > Great, thank you.
> >
> > Is there a way to see what package(s) is specifically using these
> dependent
> > packages? I might choose to remove the host package, for security
> reasons,
> > and thereby remove these as well.
>
> Sure. "pkg info -r <package-name>". See "man pkg-info" for details.
>
> Or, sometimes, I just try to "pkg delete" the package, and (if it's
> still a dependency) I'll get an error message that tells me what depends
> on it.
>
More information about the freebsd-questions
mailing list