noob question about security updates on DragonFly

soko.tica soko.tica at
Thu Sep 1 01:32:40 PDT 2016


I'm (finally!) exploring DragonFlyBSD running it on Qemu. It's been
reported that libxml2-2.9.3 is vulnerable, but I can't get the update of
it. Is it just a matter of time, or am I doing something wrong?

Thank you very much in advance for your answers.

The output of typescript follows:
Script started on Thu Sep  1 08:48:56 2016
dfly# pkg audit -F
vulnxml file up-to-date
libxml2-2.9.3 is vulnerable:
libxml2 -- multiple vulnabilities
CVE: CVE-2016-4483
CVE: CVE-2016-4449
CVE: CVE-2016-3705
CVE: CVE-2016-3627
CVE: CVE-2016-1840
CVE: CVE-2016-1839
CVE: CVE-2016-1838
CVE: CVE-2016-1837
CVE: CVE-2016-1836
CVE: CVE-2016-1835
CVE: CVE-2016-1834
CVE: CVE-2016-1833
CVE: CVE-2016-1762

1 problem(s) in the installed packages found.
dfly# pkg upgrade libxml2
Updating Avalon repository catalogue...
Avalon repository is up-to-date.
All repositories are up-to-date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
dfly# dmesg
Copyright (c) 2003-2016 The DragonFly Project.
Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
DragonFly v4.6.0-RELEASE #0: Mon Aug  1 12:46:25 EDT 2016
    root at
i8254 clock: 1193149 Hz
TSC clock: 2394495924 Hz
CPU: QEMU Virtual CPU version 2.5+ (2394.50-MHz K8-class CPU)
  Origin = "AuthenticAMD"  Id = 0x663  Stepping = 3

  AMD Features=0x20100800<SYSCALL,NX,LM>
  AMD Features2=0x5<LAHF,SVM>
real memory  = 535297024 (510 MB)
avail memory = 447512576 (426 MB)
lapic: divisor index 0, frequency 500021959 Hz
SMI Frequency (worst case): 7092 Hz (141 us)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Users mailing list