lang/go security problem on one but not the other

Kevin Oberman rkoberman at
Wed Sep 2 19:54:57 UTC 2015

On Wed, Sep 2, 2015 at 9:53 AM, Rob Belics <rob at> wrote:

> I must have replied incorrectly. The dates on the two systems are
> different. The one that it does NOT build on shows vuln.xml as September 1
> while the other system builds and the date is June 25.
> I'm confused because I would think the newer date would have built. How do
> I get this sync'ed properly and why is it not sync'ed? I update ports with
> portsnap.

No, this is correct. the vulnerability was not reported until 28-Aug, so it
is not in the database for the system where the database is not getting
updated. go-1.4.2 is vulnerable on either system, but the system with the
July 25 database simply does not know it.

The information I just sent is correct. It is the vulnerability database
that is preventing the installation and not the port, so the problem will
remain until go14 is updated to 1.4.3.
Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman at
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

More information about the freebsd-ports mailing list