1 |
Ühel kenal päeval, N, 10.11.2022 kell 22:07, kirjutas Jaco Kroon: |
2 |
> > Like glsa-check? |
3 |
> We currently use that, but it really just says which GLSAs are |
4 |
> applicable to the system, it doesn't tell me net-misc/asterisk- |
5 |
> 16.0.1:16 |
6 |
> - we've got ways of working from the glsa-check output to that. Of |
7 |
> particular annoyance if a GLSA lists multiple packages, of which you |
8 |
> have one installed, and one not. Given net-misc/asterisk-16.0.1:16 I |
9 |
> can |
10 |
> quite quickly determine that emerge -1av net-misc/asterisk:16 will |
11 |
> resolve the problem with the lowest possible risk of breakage to |
12 |
> other |
13 |
> components on the system, and without having to perform a full |
14 |
> update. |
15 |
|
16 |
emerge -vpO @security |
17 |
|
18 |
but to get something like it to only showing which installed asterisk |
19 |
SLOT is vulnerable would be some extra coding with portage API I think. |