From: Winston <wbe@UBEBLOCK.psr.com.invalid>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: daily security run output security vulnerabilities in base
Date: Sun, 01 Jun 2025 09:01:53 -0400
Organization: A noiseless patient Spider
Message-ID: <ydy0ub7gzi.fsf@UBEblock.psr.com>
References: <20250601081113.4f2543fd@ryz.dorfdsl.de>

Marco Moock <mm@dorfdsl.de> writes:

> Checking for packages with security vulnerabilities:
> Database fetched: 2025-05-30T04:45+02:00
> python311-3.11.11

Yep.

> I can confirm that this is installed:
>
> [m@teufel ~]$ pkg version |grep python
> python311-3.11.11 =
> [m@teufel ~]$

I prefer "pkg query %v python311", but the result is the same.

> Although, I see no way to update that.

I, too, used to think this was strange, but that's how it works:
They don't wait until a fix is available via pkg to alert you to the
vulnerability. (I'm not sure, but maybe the fix *is* released via ports
at that time, but takes longer to appear via pkg.)

"pkg audit" gives you URLs to pages for each bug, so you can decide how
serious they are. Those pages also tell you what version you need in
order to have the fix included. That's important, because often there's
a version in the pkg repository that's more recent than the one you
have, but not late enough to include the fix, so you'd be able to
upgrade, but the upgraded version would still have the bug, so maybe
it's not worth upgrading yet. Worst case, you can disable the service
until the fixed version is available.

> Is there anything wrong on my system or why can't I update?

.... because the fix for that particular package isn't available via pkg
yet. When "pkg rquery %v python311" says python311-3.11.11_1 or higher
(in this particular case), upgrading will fix the problem.

 -WBE
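
The check described in the post above, written out as an added example (not part of the original post or of pkg itself): it compares the installed version, the version in the pkg repository, and the fixed version named on the advisory page, and reports whether upgrading would help. The function names ver_cmp and upgrade_verdict are hypothetical, and the comparator is a simplified assumption that handles only dotted numbers with an optional _N port revision; on FreeBSD, "pkg version -t" does the authoritative comparison.

```shell
#!/bin/sh
# Added example; ver_cmp and upgrade_verdict are hypothetical helper names.
# ver_cmp A B prints <, = or > (the symbols `pkg version -t A B` prints).
# Simplified: dotted numbers plus optional _N port revision, no ",N" epoch.
ver_cmp() {
    a_ver=${1%%_*}; b_ver=${2%%_*}
    a_rev=0; b_rev=0
    case $1 in *_*) a_rev=${1##*_} ;; esac
    case $2 in *_*) b_rev=${2##*_} ;; esac
    # Walk the dotted components left to right; a missing one counts as 0.
    while [ -n "$a_ver" ] || [ -n "$b_ver" ]; do
        a_n=${a_ver%%.*}; b_n=${b_ver%%.*}
        case $a_ver in *.*) a_ver=${a_ver#*.} ;; *) a_ver= ;; esac
        case $b_ver in *.*) b_ver=${b_ver#*.} ;; *) b_ver= ;; esac
        if [ "${a_n:-0}" -lt "${b_n:-0}" ]; then echo '<'; return; fi
        if [ "${a_n:-0}" -gt "${b_n:-0}" ]; then echo '>'; return; fi
    done
    # Same upstream version: the port revision decides.
    if [ "$a_rev" -lt "$b_rev" ]; then echo '<'
    elif [ "$a_rev" -gt "$b_rev" ]; then echo '>'
    else echo '='; fi
}

# upgrade_verdict INSTALLED REMOTE FIXED
#   INSTALLED: output of `pkg query %v <pkg>`
#   REMOTE:    output of `pkg rquery %v <pkg>`
#   FIXED:     first fixed version, taken from the advisory page
upgrade_verdict() {
    installed=$1 remote=$2 fixed=$3
    if [ "$(ver_cmp "$installed" "$fixed")" != '<' ]; then
        echo "not-affected"               # already at or past the fix
    elif [ "$(ver_cmp "$remote" "$fixed")" != '<' ]; then
        echo "upgrade-fixes"              # repository carries the fix
    elif [ "$(ver_cmp "$remote" "$installed")" = '>' ]; then
        echo "upgrade-still-vulnerable"   # newer, but not new enough
    else
        echo "wait"                       # nothing newer to install yet
    fi
}

# On FreeBSD: sh check.sh python311 3.11.11_1
if [ $# -eq 2 ] && command -v pkg >/dev/null 2>&1; then
    upgrade_verdict "$(pkg query %v "$1")" "$(pkg rquery %v "$1")" "$2"
fi
```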