lang/go security problem on one but not the other
rkoberman at gmail.com
Wed Sep 2 19:54:57 UTC 2015
On Wed, Sep 2, 2015 at 9:53 AM, Rob Belics <rob at spartantheatre.org> wrote:
> I must have replied incorrectly. The dates on the two systems are
> different. The one that it does NOT build on shows vuln.xml as September 1
> while the other system builds and the date is June 25.
> I'm confused because I would think the newer date would have built. How do
> I get this sync'ed properly and why is it not sync'ed? I update ports with
No, this is correct. the vulnerability was not reported until 28-Aug, so it
is not in the database for the system where the database is not getting
updated. go-1.4.2 is vulnerable on either system, but the system with the
July 25 database simply does not know it.
The information I just sent is correct. It is the vulnerability database
that is preventing the installation and not the port, so the problem will
remain until go14 is updated to 1.4.3.
Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman at gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
More information about the freebsd-ports