How do I know a CVE has been fixed for FreeBSD

Package www/firefox returned so many CVE's from pkg aud -F.
So how can I know that all those CVE are patched or not. Some of them are *RESERVED*.
Say status of CVE-5863; CVE-2018-5156 etc. from various web sources of cve.mitre & NVD.
From FreshPorts-VuXML says an older version is vulnerable. Latest version covered all CVE's ?
 
Easy, look them up. First: the pkg-audit(8) has given you an URL which points to this site. Read more closely and you'll clearly see it mention: "Mozilla Foundation reports" therefor that's where you should look: the Mozilla bugtracker.

So head over to bugzilla.mozilla.com (obviously it's Bugzilla powered :p) and check.

CVE-5863? Can be found here, and seems to have been closed 13 years ago.

Well, either that or I'm not looking in the right section, but even so: you should be searching the Mozilla bugtracker for those.
 
Back
Top