Thank you, I've got a stupid question. Is there the need to first update the package database, before arch-audit could check if there are upgrades available? I suspect it already gets this information when it parses the CVE wiki page, so there is no need to update the package database, right? Regards, Ralf [rocketmouse@archlinux ~]$ pacman -Q $(arch-audit -q | sort -u) bzip2 1.0.6-5 cinnamon-screensaver 3.0.1-1 gdk-pixbuf2 2.34.0-2 jasper 1.900.1-15 lib32-gdk-pixbuf2 2.34.0-1 libimobiledevice 1.2.0-3 libtiff 4.0.6-2 libusbmuxd 1.0.10-1 libwmf 0.2.8.4-13 wpa_supplicant 1:2.5-3 [rocketmouse@archlinux ~]$ arch-audit -q -u [rocketmouse@archlinux ~]$ sudo pacman -Syu && arch-audit -q -u [snip] there is nothing to do
