# How do I know a CVE has been fixed for FreeBSD



## gnath (Jun 27, 2018)

Package www/firefox returned so many CVE's from `pkg aud -F`.
So how can I know that all those CVE are patched or not. Some of them are *RESERVED*.
Say status of CVE-5863; CVE-2018-5156 etc. from various web sources of cve.mitre & NVD.
From FreshPorts-VuXML says an older version is vulnerable. Latest version covered all CVE's ?


----------



## ShelLuser (Jun 27, 2018)

Easy, look them up. First: the pkg-audit(8) has given you an URL which points to this site. Read more closely and you'll clearly see it mention: "_Mozilla Foundation reports_" therefor that's where you should look: the Mozilla bugtracker.

So head over to bugzilla.mozilla.com (obviously it's Bugzilla powered ) and check.

CVE-5863?  Can be found here, and seems to have been closed 13 years ago.

Well, either that or I'm not looking in the right section, but even so: you should be searching the Mozilla bugtracker for those.


----------



## gnath (Jun 27, 2018)

Checked VuXML & https://nvd.nist.gov/vuln/detail/CVE-2018-5863. No clear indication. Probably I have not understood properly. I am not an expert. But pkg audit in FreeBSD gave a long list. I am yet to check mozilla.com.


----------

