b***@freebsd.org
2021-05-29 08:00:53 UTC
Bugzilla Automation <***@FreeBSD.org> has asked freebsd-pkg (Nobody)
<***@FreeBSD.org> for maintainer-feedback:
Bug 256236: ports-mgmt/pkg: audit command didn't work properly with port epoch
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256236
--- Description ---
Hi.
We skip some important information about security vulnerabilities if port epoch
server1# pkg audit nginx-1.20.0_2,1
nginx-1.20.0_2,1 is vulnerable:
........
Works well. But if we change the epoch to 2:
server1# pkg audit nginx-1.20.0_2,2
0 problem(s) in 0 installed package(s) found.
The nginx port is currently at epoch 2.
<***@FreeBSD.org> for maintainer-feedback:
Bug 256236: ports-mgmt/pkg: audit command didn't work properly with port epoch
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256236
--- Description ---
Hi.
We skip some important information about security vulnerabilities if port epoch
1.
For example:server1# pkg audit nginx-1.20.0_2,1
nginx-1.20.0_2,1 is vulnerable:
........
Works well. But if we change the epoch to 2:
server1# pkg audit nginx-1.20.0_2,2
0 problem(s) in 0 installed package(s) found.
The nginx port is currently at epoch 2.