Pfsense 2.4.5 package vulnerabilities

melpy

I am running pfsense 2.4.5. I just did a pkg audit to check for vulnerabilities and i see a number of packages on pfsense build that have vulnerabilities including

Curl 7.68.0
Python37-3.7.7
Php72-7.2.29
mpd5-5.8_10
Libnghttp2-1.40.0
Unbound-1.10.1
Sqllite3-3.30.1
Devcpu-data-1.28

I see no updates in the pfsense 2.4.5 repo for these packages when i try to do a pkg update which is a bit concerning. Why aren't these vulberabilities being addressed? Should i try to update these manually from the freebsd repo myself?

MoonKnight

Hi,

You got your answer here :)

@romor said in pfSense 2.5.0 release date?:

Hi,
i did upgrade one of test pfSense to 2.5.0 and then i tried pkg audit to check vulnerabilities.
All was ok without vulnerabilities.
That mean, release of 2.5.0 is important for us :-)

pkg update/upgrade on version 2.4.5.p1 i tested, but there is only a few updates, not all security updates.
After install upgrades is count of vulnerabilities same (16 in 10 packages).

https://forum.netgate.com/topic/160456/pfsense-2-5-0-release-date?_=1613340248630