# Vulnerable system by ports that do not want to update!



## teo (Sep 12, 2020)

Any solution to that detection to that vulnerability? I've already updated the ports and packages with the latest.


# `pkg audit -F`

```
Fetching vuln.xml.bz2: 100%  880 KiB 300.2kB/s    00:03    
gstreamer-ffmpeg-0.10.13_7 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8365
CVE: CVE-2015-8364
CVE: CVE-2015-8363
CVE: CVE-2015-8219
CVE: CVE-2015-8218
CVE: CVE-2015-8217
CVE: CVE-2015-8216
CVE: CVE-2015-6761
WWW: https://vuxml.FreeBSD.org/freebsd/b0da85af-21a3-4c15-a137-fe9e4bc86002.html

gstreamer-ffmpeg-0.10.13_7 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-6826
CVE: CVE-2015-6825
CVE: CVE-2015-6824
CVE: CVE-2015-6823
CVE: CVE-2015-6822
CVE: CVE-2015-6821
CVE: CVE-2015-6820
CVE: CVE-2015-6819
CVE: CVE-2015-6818
WWW: https://vuxml.FreeBSD.org/freebsd/3d950687-b4c9-4a86-8478-c56743547af8.html

gstreamer-ffmpeg-0.10.13_7 is vulnerable:
ffmpeg -- multiple vulnerabilities
CVE: CVE-2015-8663
CVE: CVE-2015-8662
WWW: https://vuxml.FreeBSD.org/freebsd/4bae544d-06a3-4352-938c-b3bcbca89298.html

jasper-2.0.16_1 is vulnerable:
jasper -- multiple vulnerabilities
CVE: CVE-2017-13750
CVE: CVE-2018-18873
CVE: CVE-2017-5499
CVE: CVE-2017-14132
CVE: CVE-2016-9398
CVE: CVE-2018-20622
CVE: CVE-2018-20570
CVE: CVE-2017-9782
CVE: CVE-2018-19543
CVE: CVE-2018-19139
CVE: CVE-2018-9252
CVE: CVE-2017-5505
CVE: CVE-2017-5504
CVE: CVE-2017-5503
CVE: CVE-2017-13748
CVE: CVE-2018-9055
CVE: CVE-2018-19540
CVE: CVE-2017-13751
CVE: CVE-2016-9399
CVE: CVE-2018-19541
CVE: CVE-2018-9154
WWW: https://vuxml.FreeBSD.org/freebsd/6842ac7e-d250-11ea-b9b7-08002728f74c.html

4 problem(s) in 2 installed package(s) found.

#
```




# `uname -a`

```
FreeBSD neq.org 12.1-RELEASE-p9 FreeBSD 12.1-RELEASE-p9 GENERIC  amd64
```


----------



## richardtoohey2 (Sep 12, 2020)

I'm waiting on jasper, too.

I assumed because it was depended on by a few things, there would need to be some testing.

But looks like the new version is just out, anyway:





__





						FreshPorts -- graphics/jasper: Implementation of the codec specified in the JPEG-2000 standard
					

JasPer is a software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard (i.e., ISO/IEC 15444-1). The JasPer software is written in the C programming language.  See also: https://github.com/jasper-software/jasper




					www.freshports.org
				




Not sure about the others, I don't use them.


----------



## T-Daemon (Sep 13, 2020)

graphics/jasper has been updated on Sept 12 to version 2.0.20. Package users can expect soon the updated version in latest and quarterly package repository.





__





						[ports] Revision 548374
					






					svnweb.freebsd.org


----------



## teo (Sep 13, 2020)

T-Daemon said:


> graphics/jasper has been updated on Sept 12 to version 2.0.20. Package users can expect soon the updated version in latest and quarterly package repository.
> 
> 
> 
> ...



Thanks by  you information, the graphics/jasper port has already been updated, the multimedia/gstreamer-ffmpeg   port continues to generate vulnerability to the system.


----------

