Security Audit Notification

[Mundan101]

I see the follow after I updated to 19.1.  Any issues with this?

***GOT REQUEST TO AUDIT SECURITY***
Fetching vuln.xml.bz2: .......... done
py27-requests-2.18.4_1 is vulnerable:
www/py-requests -- Information disclosure vulnerability
WWW: https://vuxml.FreeBSD.org/freebsd/50ad9a9a-1e28-11e9-98d7-0050562a4d7b.html

1 problem(s) in the installed packages found.
***DONE***

[franco]

Click the link to see what it's about.

These things happen. We can't always stop our release process when an issue is posted in that particular database, but we'll always try to pick it up as soon as possible.

In this case 19.1.1 will have the fix.


Cheers,
Franco

[mojojojotroi]

Hi,

In my Security Audit I have this :

Code: [Select]

***GOT REQUEST TO AUDIT SECURITY***
vulnxml file up-to-date
clamav-0.101.1,1 is vulnerable:
clamav -- multiple vulnerabilities
CVE: CVE-2019-1798
CVE: CVE-2019-1785
CVE: CVE-2019-1786
CVE: CVE-2019-1788
CVE: CVE-2019-1789
CVE: CVE-2019-1787
WWW: https://vuxml.FreeBSD.org/freebsd/84ce26c3-5769-11e9-abd6-001b217b3468.html

1 problem(s) in the installed packages found.
***DONE***
I looked into ClamAV website, and the last version is 0.101.2
But when I click on check update inside OPNsense web GUI, it seems that 0.101.2 isn't yet on the repo.
Anyone achieved to update it anyway ?

[franco]

ClamAV was updated in FreeBSD ports only today.

https://github.com/freebsd/freebsd-ports/commit/6c767ad362bad

We can pick it up for 19.1.7. Sometimes update windows simply overlap or ports come in a few weeks later depending on port maintainer responsiveness.


Cheers,
Franco