lang/go security problem on one but not the other
Rob Belics
rob at spartantheatre.org
Wed Sep 2 16:31:39 UTC 2015
The date for vuln.xml, on the server which it won't build on, is September
1 while the date on the other is July 25.
Here is the output when I try this:
===>>> The following actions will be taken if you choose to proceed:
Install lang/go
Install lang/go14
===>>> Proceed? y/n [y]
===>>> Starting build for lang/go <<<===
===>>> Starting check for build dependencies
===>>> Gathering dependency list for lang/go from ports
===>>> Launching child to install lang/go14
===>>> lang/go >> lang/go14 (1/1)
===>>> Port directory: /usr/ports/lang/go14
===>>> Starting check for build dependencies
===>>> Gathering dependency list for lang/go14 from ports
===>>> Dependency check complete for lang/go14
===>>> lang/go >> lang/go14 (1/1)
===> Cleaning for go14-1.4.2
===> go14-1.4.2 has known vulnerabilities:
go14-1.4.2 is vulnerable:
go -- multiple vulnerabilities
CVE: CVE-2015-5741
CVE: CVE-2015-5740
CVE: CVE-2015-5739
WWW:
https://vuxml.FreeBSD.org/freebsd/4464212e-4acd-11e5-934b-002590263bf5.html
1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update
available.
=> If you wish to ignore this vulnerability rebuild with 'make
DISABLE_VULNERABILITIES=yes'
*** Error code 1
Stop.
make: stopped in /usr/ports/lang/go14
===>>> make build failed for lang/go14
===>>> Aborting update
===>>> Update for lang/go14 failed
===>>> Aborting update
===>>> You can restart from the point of failure with this command line:
portmaster <flags> lang/go lang/go14
More information about the freebsd-ports
mailing list