View Single Post
  #3   (View Single Post)  
Old 4th July 2008
robklg robklg is offline
New User
Join Date: Jul 2008
Posts: 3

Thank you very much for your response.

I have managed to upgrade now from php5-posix-5.2.5 to php5-posix-5.2.6.

I think the behaviour is very strange. First of, portaudit reports that I need to upgrade php5-posix-5.2.5 because of a vulnerability. But then, portupgrade does not allow me to upgrade to that version, because it *also* has a security vulnerability. Doesn't make sense.

So I used the DISABLE_VULNERABILITIES variable, and the upgrade worked.

But now portaudit says I need to upgrade the php5-posix-5.2.6 because of a vulnerability. However, I cannot upgrade it, because there is no later version of this package.

I begin to wonder why. Let me ask a question... in order to update my ports tree, this is the right method right?:

# portsdb -F -u
# portsnap fetch update

root@hobbes:~# portsnap fetch update
Looking up mirrors... 4 mirrors found.
Fetching snapshot tag from done.
Latest snapshot on server matches what we already have.
No updates needed.
Ports tree is already up to date.

# portaudit
Affected package: php5-posix-5.2.6
Type of problem: php -- input validation error in posix_access function.
Reference: <>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
# pkg_version -v | grep php5-posix
php5-posix-5.2.6                    =   up-to-date with port
There is no information about php5-posix upgrading in /usr/ports/UPDATING.

What am I doing wrong?
Reply With Quote