| 1 |
Ühel kenal päeval, N, 10.11.2022 kell 22:07, kirjutas Jaco Kroon: |
| 2 |
> > Like glsa-check? |
| 3 |
> We currently use that, but it really just says which GLSAs are |
| 4 |
> applicable to the system, it doesn't tell me net-misc/asterisk- |
| 5 |
> 16.0.1:16 |
| 6 |
> - we've got ways of working from the glsa-check output to that. Of |
| 7 |
> particular annoyance if a GLSA lists multiple packages, of which you |
| 8 |
> have one installed, and one not. Given net-misc/asterisk-16.0.1:16 I |
| 9 |
> can |
| 10 |
> quite quickly determine that emerge -1av net-misc/asterisk:16 will |
| 11 |
> resolve the problem with the lowest possible risk of breakage to |
| 12 |
> other |
| 13 |
> components on the system, and without having to perform a full |
| 14 |
> update. |
| 15 |
|
| 16 |
emerge -vpO @security |
| 17 |
|
| 18 |
but to get something like it to only showing which installed asterisk |
| 19 |
SLOT is vulnerable would be some extra coding with portage API I think. |
Archives