Re: pkg_admin audit incorrect information.

To: Mike Pumford <mpumford%mudcovered.org.uk@localhost>
Subject: Re: pkg_admin audit incorrect information.
From: Thomas Klausner <wiz%NetBSD.org@localhost>
Date: Tue, 23 Nov 2021 19:33:29 +0100

On Tue, Nov 23, 2021 at 06:28:08PM +0000, Mike Pumford wrote:
> What's the process for correcting audit information for pkg_admin audit?
> 
> I've got quite a few packages which are reported as having a vulnerability
> but when i click through to the CVE I can see that the package version I
> have is newer than the highest version reported:
> 
> e.g:
> 
> Package exim-4.95 has a out-of-bounds-read vulnerability, see
> https://nvd.nist.gov/vuln/detail/CVE-2020-12783
> 
> But if I visit that link it says that the issue only impacts exim 4.93 or
> older. As far as I can tell the vulnerabilities file is being fetch
> correctly (no errors reported when I run it manually) so I don't think my
> audit database is out of date.
> 
> There are many others as well. I'm happy to break them down if there is a
> way to report them as it makes spotting real issues harder than it needs to
> be.

Please mail pkgsrc-security%NetBSD.org@localhost about these.

Thanks,
 Thomas

Follow-Ups:
- Re: pkg_admin audit incorrect information.
  - From: Mike Pumford

References:
- pkg_admin audit incorrect information.
  - From: Mike Pumford

Prev by Date: pkg_admin audit incorrect information.
Next by Date: Re: pkg_admin audit incorrect information.
Previous by Thread: pkg_admin audit incorrect information.
Next by Thread: Re: pkg_admin audit incorrect information.
Indexes:

Home | Main Index | Thread Index | Old Index