pkgsrc-Users archive


Re: pkg_admin audit incorrect information.



On Tue, Nov 23, 2021 at 06:28:08PM +0000, Mike Pumford wrote:
> What's the process for correcting audit information for pkg_admin audit?
> 
> I've got quite a few packages which are reported as having a vulnerability
> but when I click through to the CVE I can see that the package version I
> have is newer than the highest version reported:
> 
> e.g.:
> 
> Package exim-4.95 has a out-of-bounds-read vulnerability, see
> https://nvd.nist.gov/vuln/detail/CVE-2020-12783
> 
> But if I visit that link it says that the issue only impacts exim 4.93 or
> older. As far as I can tell the vulnerabilities file is being fetched
> correctly (no errors reported when I run it manually) so I don't think my
> audit database is out of date.
> 
> There are many others as well. I'm happy to break them down if there is a
> way to report them as it makes spotting real issues harder than it needs to
> be.

Please mail pkgsrc-security%NetBSD.org@localhost about these.

Thanks,
 Thomas

