lang/go security problem on one but not the other

Rob Belics rob at
Wed Sep 2 16:31:39 UTC 2015

The date for vuln.xml, on the server which it won't build on, is September
1 while the date on the other is July 25.

Here is the output when I try this:

===>>> The following actions will be taken if you choose to proceed:
Install lang/go
Install lang/go14

===>>> Proceed? y/n [y]

===>>> Starting build for lang/go <<<===

===>>> Starting check for build dependencies
===>>> Gathering dependency list for lang/go from ports
===>>> Launching child to install lang/go14

===>>> lang/go >> lang/go14 (1/1)

===>>> Port directory: /usr/ports/lang/go14

===>>> Starting check for build dependencies
===>>> Gathering dependency list for lang/go14 from ports
===>>> Dependency check complete for lang/go14

===>>> lang/go >> lang/go14 (1/1)

===>  Cleaning for go14-1.4.2
===>  go14-1.4.2 has known vulnerabilities:
go14-1.4.2 is vulnerable:
go -- multiple vulnerabilities
CVE: CVE-2015-5741
CVE: CVE-2015-5740
CVE: CVE-2015-5739

1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update
=> If you wish to ignore this vulnerability rebuild with 'make
*** Error code 1

make: stopped in /usr/ports/lang/go14

===>>> make build failed for lang/go14
===>>> Aborting update

===>>> Update for lang/go14 failed
===>>> Aborting update

===>>> You can restart from the point of failure with this command line:
       portmaster <flags> lang/go lang/go14

More information about the freebsd-ports mailing list