Fixing security vulnerabilities. Every time you discover (and hopefully fix) a security vulnerability, please add an entry in the FreeBSD VuXML database which lives at $PORTSDIR/security/vuxml/vuln.xml please use an existing entry as a sample for the new one, a new (random) UUID can be generated by uuidgen(1) on FreeBSD 5.x, on FreeBSD 4.x you can install port devel/p5-Data-UUID (pkg_add -r p5-Data-UUID) and do perl -we 'use Data::UUID; print lc new Data::UUID->create_str, "\n";' As an alternative you could add an short entry to $PORTSDIR/security/portaudit-db/database/portaudit.txt and send a request for review to the Security Officer Team , refer to "FreeBSD security information" for more information. Assume you just made an entry for a vulnerability in port clamav which is fixed in version 0.65_7. First install ports security/portaudit-db and security/portaudit and check if there is already one: packaudit; portaudit clamav-0.65_6 (packaudit assumes that the user you are running as can write to /var/db/portaudit, or $DATABASEDIR when set) Lets assume there is none, so you want to make an entry for ports matching 'clamav<0.65_7'. Let's test whether you accidentially match other ports: /usr/sbin/pkg_version -T /usr/ports/INDEX 'clamav<0.65_7' | cut -f 1 -d \| (You would use 'apache>=2.*<3.*' to match *all* apache-2.x ports. 'apache>=2.0' won't match alpha versions, like 'apache-2.a15') You generate a fresh UUID (74a9541d-5d6c-11d8-80e3-0020ed76ef5a) and make an entry. When you made the entry in vuln.xml (recommended) verify whether is is syntactically correct with cd $PORTSDIR/security/vuxml; make validate otherwise skipt this step. Now check whether the right versions are matched: portaudit clamav-0.65_6 clamav-0.65_7 Then check whether the web page looks like expected with mkdir ~/public_html/portaudit packaudit lynx ~/public_html/portaudit/74a9541d-5d6c-11d8-80e3-0020ed76ef5a.html If everthing is fine, go ahead and commit the change (or submit a patch) -Oliver