pkg audit and port upgrades

Roland van Laar roland at micite.net
Thu Sep 15 10:04:53 UTC 2016


Hello Community,

My question: How do I know if a vulnerable port has had an update?

I get daily emails from pkg audit telling me about vulnerabilities in my 
ports.
Today it was curl, but the latest curl hasn't yet had an update.

I update the ports tree and rebuild my ports.
Only to notice during the build that it stops the build because the port 
is still vulnerable.

=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update 
available.
=> If you wish to ignore this vulnerability rebuild with 'make 
DISABLE_VULNERABILITIES=yes'
*** Error code 1

Is there a way to know before I build my ports to know if there is a 
vulnerability?

Regards,

Roland van Laar



More information about the freebsd-questions mailing list