pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

pkg_admin audit incorrect information.

What's the process for correcting audit information for pkg_admin audit?

I've got quite a few packages which are reported as having a vulnerability but when i click through to the CVE I can see that the package version I have is newer than the highest version reported:


Package exim-4.95 has a out-of-bounds-read vulnerability, see

But if I visit that link it says that the issue only impacts exim 4.93 or older. As far as I can tell the vulnerabilities file is being fetch correctly (no errors reported when I run it manually) so I don't think my audit database is out of date.

There are many others as well. I'm happy to break them down if there is a way to report them as it makes spotting real issues harder than it needs to be.


Home | Main Index | Thread Index | Old Index