pkg_admin audit incorrect information.

To: pkgsrc-users <pkgsrc-users%netbsd.org@localhost>
Subject: pkg_admin audit incorrect information.
From: Mike Pumford <mpumford%mudcovered.org.uk@localhost>
Date: Tue, 23 Nov 2021 18:28:08 +0000

What's the process for correcting audit information for pkg_admin audit?

I've got quite a few packages which are reported as having avulnerability but when i click through to the CVE I can see that thepackage version I have is newer than the highest version reported:


e.g:

Package exim-4.95 has a out-of-bounds-read vulnerability, seehttps://nvd.nist.gov/vuln/detail/CVE-2020-12783

But if I visit that link it says that the issue only impacts exim 4.93or older. As far as I can tell the vulnerabilities file is being fetchcorrectly (no errors reported when I run it manually) so I don't thinkmy audit database is out of date.

There are many others as well. I'm happy to break them down if there isa way to report them as it makes spotting real issues harder than itneeds to be.


Mike

Follow-Ups:
- Re: pkg_admin audit incorrect information.
  - From: Thomas Klausner

Prev by Date: Re: tools for losslessly manipulating mp3s
Next by Date: Re: pkg_admin audit incorrect information.
Previous by Thread: graphics/php-imagick build failed with php80 in pkgsrc-2021Q3
Next by Thread: Re: pkg_admin audit incorrect information.
Indexes:

Home | Main Index | Thread Index | Old Index