security audit shows 5 CVEs but no updates available

zcutlip · June 15, 2020, 06:16:29 PM

I think I'm fully up to date, running the following versions according to the dashboard:
- OPNsense 20.1.7-amd64
- FreeBSD 11.2-RELEASE-p20-HBSD
- OpenSSL 1.1.1g 21 Apr 2020

Checking for updates shows none available, but the security audit shows problems with the following packages:
- python37-3.7.7 (2 CVEs)
- libnghttp2-1.40.0
- unbound-1.10.0
- json-c-0.13.1_1

Is this expected. Should I be looking somewhere other than Firmware Updates in the Web UI to update these packages?

Thanks

mimugmail · June 16, 2020, 05:58:54 AM

They will be included in 20.1.8 :)

cmdr.adama · June 16, 2020, 01:19:08 PM

I posted the same thing a couple of days ago and got this response from hbc..

Quote from: hbc on June 06, 2020, 11:26:29 PM
Nothing to be worried about. Everybody has this button for security audit - even developers. The know about it.

@franco: feature request: add hint not to post security audits to forum and explain its use case

security audit shows 5 CVEs but no updates available

zcutlip

June 15, 2020, 06:16:29 PM

mimugmail

June 16, 2020, 05:58:54 AM #1

cmdr.adama

June 16, 2020, 01:19:08 PM #2