I recently tried FreeBSD’s pkgng, based on Ivan Voras’ blog post. Days after getting the new machine set up, though, I got this in my daily status mail:

Checking for packages with security vulnerabilities:

Database fetched: Fri Aug 3 03:02:57 EDT 2012

apache-2.2.22_5 is vulnerable:

Apache -- Insecure LD_LIBRARY_PATH handling

WWW: http://portaudit.FreeBSD.org/de2bc01f...

php5-5.4.4 is vulnerable:

php -- potential overflow in _php_stream_scandir

WWW: http://portaudit.FreeB...