pkg audit

Hi!

After swithed from ports to packages pkg audit doesn't shows anything:
Code:
pkg audit
0 problem(s) in 0 installed package(s) found

Thank you.
 
The final message is a summary, basically the sum of the number of problems found and the sum of the number packages that were found to have problems.
Any single package can have more than one vulnerability.
But there could be a bug. I just ran it, I'm following quarterly, chromium and curl are both showing more than one CVE, both say "multiple vulnerabilities" but the summary says

2 problem(s) in 2 installed package(s) found.

For me, honestly, the number of packages, what packages and the list of CVEs is more important than having the summary line correct.

If yours say "0" then don't worry about it.
Don't forget that the dailysecurity script run pkg audit, so check root email or the log file if you have periodic set to push to log files.
 
I use pkg audit -F for it to check for updates. Then, it will show if there's a vulnerability, if one wasn't shown before with pkg audit.
 
Back
Top