pkg audit finds updates, but pkg upgrade doesn't
John Goerzen
jgoerzen at complete.org
Mon Feb 16 22:12:27 UTC 2015
Hello,
So this is a bit of an odd one. Is this a bug, or am I missing something?
So I ran pkg audit today, and got this:
root at freebsd-laptop:~ # pkg audit -F
pkg: vulnxml file up-to-date
xorg-server-1.14.7_1,1 is vulnerable:
xorg-server -- Information leak in the XkbSetGeometry request of X servers.
CVE: CVE-2015-0255
WWW: http://vuxml.FreeBSD.org/freebsd/54a69cf7-b2ef-11e4-b1f1-bcaec565249c.html
1 problem(s) in the installed packages found.
OK, so far so good, right? I need a new xorg-server. But:
root at freebsd-laptop:~ # pkg update
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
root at freebsd-laptop:~ # pkg upgrade
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (1 candidates): 100%
Processing candidates (1 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.
Hmm. I can repeat these commands as often as I like, and still I get the
same thing: xorg-server is vulnerable, but my packages are up-to-date. That
issue has been in FreeBSD's vulnerability database for almost a week, so
presumably I'm not just seeing mirror lag or something here.
Any ideas?
Thanks,
John
More information about the freebsd-questions
mailing list