Created attachment 144815 [details] patch to fix vuxml entry for nvidia-driver-96 x11/nvidia-driver-96 shows up as vulnerable in vuxml, but both CVE-2012-0946 and CVE-2012-4225 have been fixed in the port. Adjust vuxml accordingly.
over to maintainer
The patch is correct, however, it is correct for the pre-pkgng world where several package versions could share the same package name (with default pointed by LATEST_LINK). Since those times, all nvidia-driver legacy ports have different (ugly due to XX-XX doubling) names now, so that vulnerability check does not cover them at all: $ pkg audit nvidia-driver-96-96.43.23_2 0 problem(s) in the installed packages found. # Before (pre-pkgng, latest-link times): $ pkg audit nvidia-driver-96.43.23_2 nvidia-driver-96.43.23_2 is vulnerable: NVIDIA UNIX driver -- access to arbitrary system memory CVE: CVE-2012-4225 CVE: CVE-2012-0946 WWW: http://portaudit.FreeBSD.org/b91234e7-9a8b-11e1-b666-001636d274f3.html 1 problem(s) in the installed packages found. Shall I refactor vuln.xml to split original "umbrella" nvidia-driver entries covering all versions into per-port ones? Shall I retain old entries or remove them (technically they are from EOL'ed pkg_* tools times, but users still might live with them after pkg2ng conversion).
The x11/nvidia-driver-96 port has been removed on 2014-12-19 with comment of 'Removed: Not compatible with xserver 1.14', closing the PR.