[pkgsrc/trunk]: pkgsrc/templates README.pkg: be more realistic about CVEs in ...

[nia <nia%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/e946b67e4090
branches:  trunk
changeset: 447237:e946b67e4090
user:      nia <nia%pkgsrc.org@localhost>
date:      Thu Feb 18 10:44:07 2021 +0000

description:
README.pkg: be more realistic about CVEs in the age of fuzzing

diffstat:

 templates/README.pkg |  9 ++++-----
 1 files changed, 4 insertions(+), 5 deletions(-)

diffs (26 lines):

diff -r 0016a47ba873 -r e946b67e4090 templates/README.pkg
--- a/templates/README.pkg      Thu Feb 18 10:39:50 2021 +0000
+++ b/templates/README.pkg      Thu Feb 18 10:44:07 2021 +0000
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<!-- $NetBSD: README.pkg,v 1.28 2017/02/04 03:47:47 riastradh Exp $ -->
+<!-- $NetBSD: README.pkg,v 1.29 2021/02/18 10:44:07 nia Exp $ -->
 <html>
 <head>
 <title>The NetBSD Packages Collection: %%PORT%%</title>
@@ -47,12 +47,11 @@
 <UL>
 %%VULNERABILITIES%%
 </UL>
-If you have a vulnerable package installed on any machine, you are
-advised to remove the package
-immediately, using the standard package tools.
 The <a href="../../pkgtools/pkg_install/README.html">pkg_admin audit</a>
 command locates any installed package which has been mentioned in
-security advisories as being vulnerable.
+security advisories as having vulnerabilities.
+Please note the vulnerabilities database might not be fully accurate,
+and not every bug is exploitable with every configuration.
 </P>