pkg audit finds updates, but pkg upgrade doesn't

John Goerzen jgoerzen at complete.org
Mon Feb 16 22:12:27 UTC 2015


Hello,

So this is a bit of an odd one.  Is this a bug, or am I missing something?

So I ran pkg audit today, and got this:

root@freebsd-laptop:~ # pkg audit -F
pkg: vulnxml file up-to-date
xorg-server-1.14.7_1,1 is vulnerable:
xorg-server -- Information leak in the XkbSetGeometry request of X servers.
CVE: CVE-2015-0255
WWW: http://vuxml.FreeBSD.org/freebsd/54a69cf7-b2ef-11e4-b1f1-bcaec565249c.html

1 problem(s) in the installed packages found.

OK, so far so good, right?  I need a new xorg-server.  But:

root@freebsd-laptop:~ # pkg update
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
root@freebsd-laptop:~ # pkg upgrade
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (1 candidates): 100%
Processing candidates (1 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.

Hmm.  I can repeat these commands as often as I like, and still I get the
same thing: xorg-server is vulnerable, but my packages are up-to-date.  That
issue has been in FreeBSD's vulnerability database for almost a week, so
presumably I'm not just seeing mirror lag or something here.

Any ideas?

Thanks,

John
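
One way to check the situation described in the message above, added here as an example and not part of the original post: parse the pkg audit output and mark each flagged package whose exact name-version is still what the configured repository offers, in which case pkg upgrade has nothing newer to install. The function names, the status labels and the sample repository list are assumptions made for this example; the audit sample is copied from the post.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and status
# labels are hypothetical.

# Audit output as shown in the post.
SAMPLE_AUDIT='pkg: vulnxml file up-to-date
xorg-server-1.14.7_1,1 is vulnerable:
xorg-server -- Information leak in the XkbSetGeometry request of X servers.
CVE: CVE-2015-0255
WWW: http://vuxml.FreeBSD.org/freebsd/54a69cf7-b2ef-11e4-b1f1-bcaec565249c.html

1 problem(s) in the installed packages found.'

# stdin: `pkg audit` output. stdout: one line per flagged package:
#   <name-version> <CVE list or -> <VuXML URL list or ->
audit_flagged() {
    awk '
        function emit() { if (pkg != "") print pkg, (cve ? cve : "-"), (url ? url : "-") }
        / is vulnerable:$/ { emit(); pkg = $1; cve = ""; url = ""; next }
        $1 == "CVE:" { cve = cve (cve ? "," : "") $2; next }
        $1 == "WWW:" { url = url (url ? "," : "") $2; next }
        END { emit() }
    '
}

# stdin: audit_flagged output. $1: file with one name-version per line, as
# written by: pkg rquery -a '%n-%v'
# Appends SAME_VERSION_IN_REPO when the repository still offers exactly the
# flagged version, REPO_DIFFERS otherwise (newer, older or absent).
repo_status() {
    awk -v repo="$1" '
        BEGIN { while ((getline line < repo) > 0) offered[line] = 1 }
        { print $0, (($1 in offered) ? "SAME_VERSION_IN_REPO" : "REPO_DIFFERS") }
    '
}

# Offline demonstration with a constructed repository list.
demo() {
    repo=$(mktemp) || return 1
    printf '%s\n' 'xorg-server-1.14.7_1,1' 'example-pkg-0.0' > "$repo"  # constructed
    printf '%s\n' "$SAMPLE_AUDIT" | audit_flagged | repo_status "$repo"
    rm -f "$repo"
}

# Live use on a FreeBSD host:
#   pkg rquery -a '%n-%v' > /tmp/repo.txt
#   pkg audit -F | audit_flagged | repo_status /tmp/repo.txt
demo
```
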



More information about the freebsd-questions mailing list