lang/go security problem on one but not the other

Kevin Oberman rkoberman at gmail.com
Wed Sep 2 19:54:57 UTC 2015


On Wed, Sep 2, 2015 at 9:53 AM, Rob Belics <rob at spartantheatre.org> wrote:

> I must have replied incorrectly. The dates on the two systems are
> different. The one that it does NOT build on shows vuln.xml as September 1
> while the other system builds and the date is June 25.
>
> I'm confused because I would think the newer date would have built. How do
> I get this sync'ed properly and why is it not sync'ed? I update ports with
> portsnap.
>

No, this is correct. the vulnerability was not reported until 28-Aug, so it
is not in the database for the system where the database is not getting
updated. go-1.4.2 is vulnerable on either system, but the system with the
July 25 database simply does not know it.

The information I just sent is correct. It is the vulnerability database
that is preventing the installation and not the port, so the problem will
remain until go14 is updated to 1.4.3.
--
Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683


More information about the freebsd-ports mailing list