Ticket #15059 (new enhancement)
ENH: Add vulnerability (update) notification / detection
Reported by: ecronin@… | Owned by: ecronin@…
Keywords: security vulnerabilities vuxml | Cc: tonytung@…
Right now MacPorts lacks a good way of indicating that an installed port has a known vulnerability or that an update to an installed port fixes this vulnerability.
FreeBSD has developed the VuXML database (http://www.vuxml.org/) and the portaudit tool, which may be a starting point for building a tool external to MacPorts core (I have not looked at the practicality of porting portaudit to use the MacPorts registry).
A simpler, manual, internal fix would be to add a monotonic counter, similar to Revision, which is incremented each time a critical update is made upstream, and some changes to "port outdated" or perhaps a new "port vulnerable" that lists these.